Exploit Iatek IntranetApp 2.3 - 'ad_click.asp?banner_id' SQL Injection

Exploiter

Хакер
34,599
0
18 Дек 2022
EDB-ID
25318
Проверка EDB
  1. Пройдено
Автор
DIABOLIC CRAB
Тип уязвимости
WEBAPPS
Платформа
ASP
CVE
cve-2005-0948
Дата публикации
2005-03-29
Код:
source: https://www.securityfocus.com/bid/12936/info

Multiple input-validation vulnerabilities reportedly affect PortalApp. These issues occur due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions.

The first set of issues includes cross-site scripting vulnerabilities that affect the 'content.asp' script. These issues arise because the application fails to properly sanitize input passed through the offending functions before including it in dynamically generated Web content.

The second issue is an SQL-injection vulnerability that affects the 'ad_click.asp' script. The application includes the value of the offending parameters without sanitization, allowing an attacker to inject SQL syntax and manipulate SQL queries.

An attacker may leverage these issues to carry out cross-site scripting and SQL-injection attacks against the affected application. This may result in the theft of authentication credentials, destruction or disclosure of sensitive data, and potentially other attacks.

http://www.example.com/ad_click.asp?banner_id='SQL_INJECTION
 
Источник
www.exploit-db.com

Похожие темы