关键信息 漏洞名称: SePortal 2.4 (poll.php poll_id) Remote SQL Injection Vulnerability 日期: 2008-11-23 / 2014-03-31 贡献者: Mr.SQL 风险级别: 高 CVSS Base Score: 7.5/10 - Exploit Range: Remote - Confidentiality Impact: Partial CVE: CVE-2008-5191 CWE: CWE-89 影响和利用信息 Impact Subscore: 6.4/10 - Attack Complexity: Low - Integrity Impact: Partial Exploitability Subscore: 10/10 - Authentication: No required - Availability Impact: Partial 影响的脚本和链接 脚本名称: SePortal V2.4 网站: www.seportal.org 下载: http://www.seportal.org/downloads.php?action=showfile&id=1 漏洞利用示例 poll.php: staticpages.php: 参考链接 http://www.securityfocus.com/bid/29996 http://www.milw0rm.com/exploits/5960 http://secunia.com/advisories/30865