Aeries Browser Interface (ABI) 3.8.3.14 Remote SQL Injection
- From: arsalan1991@xxxxxxxxx
- Date: 25 Mar 2008 07:32:31 -0000
Discovered by: Arsalan Emamjomehkashan
Website: http://aeries.com/
SQL injection:
GradebookOptions.asp?GrdBk=SQL
loginproc.asp, if you POST the variable "SchlCode"
XSS:
UserName variable on loginproc.asp and usr on Login.asp