CVE-2017-17713: CVE-2017-17713

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-17713

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Trape SQL注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Trape是一套开源的互联网跟踪识别工具。该功能够对会话进行远程识别，模拟钓鱼攻击。 Trape 2017-11-05之前的版本中存在SQL注入漏洞。远程攻击者可借助多个参数或包头利用该漏洞执行SQL命令。（多个参数和包头包括：‘/red’、‘vId’、‘country’、‘countryCode’、‘cpu’、’isp‘、’lat‘、’lon‘、’org‘、’query‘、’region‘、’/regionName‘、’timezone‘、’vId‘、’zip‘、’id‘参数或User-Agent HT

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2017-17713

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2017-17713

Please Login to view more intelligence information

https://www.seekurity.com/blog/general/cve-2017-17713-and-cve-2017-17714-multiple-sql-injections-and-xss-vulnerabilities-found-in-the-hackers-tracking-tool-trape-boxug/x_refsource_MISC
https://github.com/boxug/trape/commit/628149159ba25adbfc29a3ae1d4b10c7eb936dd3x_refsource_MISC
https://www.youtube.com/watch?v=efmvL235S-8x_refsource_MISC
https://www.youtube.com/watch?v=RWw1UTeZee8x_refsource_MISC
https://www.youtube.com/watch?v=Txp6IwR24jYx_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2017-17713

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2017-17713

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2017-17713

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2017-17713

III. Intelligence Information for CVE-2017-17713

IV. Related Vulnerabilities

V. Comments for CVE-2017-17713

Leave a comment