Sheedravi CMS SQL Injection Vulnerability

Board: Bugtraq | Posted: 2009/12/29 02:01
================= IUT-CERT =================
Title: Sheedravi CMS SQL Injection Vulnerability
Vendor: www.sheedravi.com
Dork: Design by Sheed Graphic Co
Type: Input.Validation.Vulnerability (SQL Injection)
Fix: N/A
================== nsec.ir =================

Description:
------------------
Sheedravi is a CMS producer in Iran. The /template1/advancedsearch.aspx page in the Sheedravi CMS product is vulnerable to SQL injection.

Vulnerability Variant:
------------------
Injection in "/template1/advancedsearch.aspx.aspx" via the "txtAdvancedkeyword" POST parameter, value: ' or 1=1;-- ' <script> and,...

Solution:
------------------
Input validation of the "txtAdvancedkeyword" POST parameter should be corrected.

Credit:
------------------
Isfahan University of Technology - Computer Emergency Response Team
Thanks to: M. Fereidounian, M. R. Faghani, N. Fathi, E. Jafari
Article ID (AID): #1BEF9eOV (Bugtraq)
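
One way to correct the handling of the txtAdvancedkeyword value named in the Solution, as an added example that is not Sheedravi's code or part of the advisory. Python with sqlite3 stands in for the product's unknown back end; the table, rows and function names are constructed for illustration.

```python
import html
import sqlite3

def make_db():
    """Constructed sample data; the real Sheedravi schema is not on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (title TEXT, published INTEGER)")
    db.executemany(
        "INSERT INTO articles VALUES (?, ?)",
        [("Annual report", 1), ("Contact us", 1), ("Draft: internal memo", 0)],
    )
    return db

def search_concatenated(db, keyword):
    # Weak pattern: the POST value becomes part of the SQL text itself,
    # so a quote in the value ends the string literal and rewrites the WHERE clause.
    sql = ("SELECT title FROM articles WHERE published = 1 "
           "AND title LIKE '%" + keyword + "%'")
    return [row[0] for row in db.execute(sql)]

def search_parameterized(db, keyword):
    # Corrected pattern: the SQL text is constant and the value is bound as data.
    # LIKE wildcards inside the value are escaped so they only match literally.
    escaped = keyword.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = ("SELECT title FROM articles WHERE published = 1 "
           "AND title LIKE ? ESCAPE '\\'")
    return [row[0] for row in db.execute(sql, ("%" + escaped + "%",))]

def render_heading(keyword):
    # HTML-encode the value before echoing it into the results page.
    return "<h2>Results for " + html.escape(keyword) + "</h2>"

ADVISORY_VALUE = "' or 1=1;--"  # value quoted in the advisory

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", search_concatenated(db, ADVISORY_VALUE))
    print("parameterized:", search_parameterized(db, ADVISORY_VALUE))
    print("normal search:", search_parameterized(db, "report"))
    print(render_heading("<script>"))
```

With the concatenated query the advisory's value returns every row, including the unpublished one; with the bound parameter it is treated as a literal search string and matches nothing.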