Hello,
I have to present a vulnerability : CVE-2016-3172 (SQL Injection / tree.php) + CVE-2015-8604 (SQL Injection / graphs_new.php) in a university defense I installed cacti 0.8.8f on a virtual machine and i would replay the sql injection. Unfortunately I can not. Could you help me ? How to replay this injection? Thanks for your help De : David Liedke [mailto:lie...@rz.uni-mannheim.de] Envoyé : mercredi 15 mars 2017 08:10 À : STRABACH Jérôme DTSI/DERS Objet : Re: Info CVE-2016-3172 (SQL Injection / tree.php) + CVE-2015-8604 (SQL Injection / graphs_new.php) Hello, Sorry - i dont know. I am only one of the package maintainers of the cacti package in the openSUSE Repository. Maybe you can ask on the "cacti-user" mailing list --> http://cacti.net/mailing_lists.php Good luck. Regards, David Am 14.03.2017 um 19:01 schrieb jerome.strab...@orange.com: Hello, I am a student at the University of Lille, in France I begin my studies in network security. I have to present a vulnerability : CVE-2016-3172 (SQL Injection / tree.php) + CVE-2015-8604 (SQL Injection / graphs_new.php) For CVE-2015-8604 : http://www.cvedetails.com/cve-details.php?t=1 <http://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2015-8604> &cve_id=CVE-2015-8604 http://www.openwall.com/lists/oss-security/2016/03/10/13 CVE-2016-3172 https://www.cvedetails.com/cve-details.php?t=1 <https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2016-3172> &cve_id=CVE-2016-3172 I installed cacti 0.8.8f on a virtual machine and i would replay the sql injection. Unfortunately I can not. Could you help me ? How to replay this injection? Thanks for your help
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ cacti-user mailing list cacti-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/cacti-user