Exploitation Summary
EIP tracks 4 public exploits for CVE-2005-1236. PoCs published by Dcrab.
AI-analyzed exploit summary The provided text describes SQL injection vulnerabilities in DUportal/DUportal SQL 3.1.2 due to improper input sanitization. It includes an example URL demonstrating the vulnerability but lacks executable exploit code.
Description
Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to detail.asp or type.asp, (4) DAT_PARENT parameter to inc_poll_voting.asp, or (5) iRate parameter to inc_rating.asp, a different set of vulnerabilities than CVE-2005-1224.
Exploits (4)
The provided text describes SQL injection vulnerabilities in DUportal/DUportal SQL 3.1.2 due to improper input sanitization. It includes an example URL demonstrating the vulnerability but lacks executable exploit code.
The provided text describes SQL injection vulnerabilities in DUportal/DUportal SQL, specifically in the 'inc_rating.asp' file. It includes example URLs demonstrating how unsanitized input can be exploited but does not contain executable exploit code.
The provided text describes SQL injection vulnerabilities in DUportal/DUportal SQL due to improper input sanitization. It includes a sample exploit URL demonstrating the vulnerability but lacks executable code.
The provided text describes SQL injection vulnerabilities in DUportal/DUportal SQL 3.1.2 due to improper input sanitization. It includes a sample URL demonstrating the vulnerability but lacks executable exploit code.