Exploit for Lighttpd 1.4.34 SQL Injection and Path Traversal (CVE-2014-2323)

Description:

A SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name (related to request_check_hostname).

Nuclei Template

View the template here: CVE-2014-2323.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2014/CVE-2014-2323.yaml

References:

https://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt
http://www.lighttpd.net/2014/3/12/1.4.35/
https://nvd.nist.gov/vuln/detail/CVE-2014-2323
http://seclists.org/oss-sec/2014/q1/561
http://jvn.jp/en/jp/JVN37417423/index.html