漏洞关键信息 漏洞标题 2daybiz Network Community Script SQL Injection / Cross Site Scripting 披露日期 2011-11-08 / 2011-11-09 风险等级 High CVSS信息 CVSS Base Score: 7.5/10 Exploitrange: Remote Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial Impact Subscore: 6.4/10 Exploitability Subscore: 10/10 Authentication: No required 漏洞描述 2daybiz Network Community Script 存在 SQL 注入和 XSS 漏洞。 漏洞细节 SQL注入漏洞 - Demo URL: XSS漏洞 - Attack Pattern: " - Demo URL: 参考链接 http://xforce.iss.net/xforce/xfdb/59496 http://www.securityfocus.com/bid/40913 http://www.packetstormsecurity.com/1006-exploits/2daybiz-sqlxss.txt http://secunia.com/advisories/40247