Sheedravi CMS SQL Injection Vulnerability
From: faghani nsec ir
To: bugtraq securityfocus com
Subject: Sheedravi CMS SQL Injection Vulnerability
Date: Sun - Dec 27, 2009 11:58 PM
================= IUT-CERT =================
Title: Sheedravi CMS SQL Injection Vulnerability
Vendor: www.sheedravi.com
Dork: Design by Sheed Graphic Co
Type: Input.Validation.Vulnerability (SQL Injection)
Fix: N/A
================== nsec.ir =================
Description:
------------------
Sheedravi is a CMS producer in Iran. The /template1/advancedsearch.aspx page in the Sheedravi CMS
product is vulnerable to SQL injection.
Vulnerability Variant:
------------------
Injection in "/template1/advancedsearch.aspx.aspx" through the "txtAdvancedkeyword" POST parameter
value:' or 1=1;--
'
<script>
and,...
Solution:
------------------
Input validation of "txtAdvancedkeyword" POST parameter should be corrected.
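
The correction described above, as an added example (not code from the advisory or the vendor): the search value is bound as a query parameter instead of being concatenated into the SQL text. Python and SQLite stand in for the ASP.NET back end; the table, schema and function names are hypothetical.

```python
import sqlite3

# Constructed stand-in for the CMS content table (hypothetical schema).
ROWS = [(1, "Welcome", "public"),
        (2, "Product news", "public"),
        (3, "Internal draft", "hidden")]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER, title TEXT, status TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?, ?)", ROWS)
    return db

def search_concat(db, keyword):
    """Weak form: the POST value becomes part of the SQL text."""
    sql = ("SELECT title FROM pages WHERE status = 'public' "
           "AND title LIKE '%" + keyword + "%'")
    return [row[0] for row in db.execute(sql)]

def search_param(db, keyword):
    """Corrected form: value is bound as data; LIKE wildcards are escaped."""
    esc = (keyword.replace("\\", "\\\\")
                  .replace("%", "\\%")
                  .replace("_", "\\_"))
    sql = ("SELECT title FROM pages WHERE status = 'public' "
           "AND title LIKE ? ESCAPE '\\'")
    return [row[0] for row in db.execute(sql, ("%" + esc + "%",))]

if __name__ == "__main__":
    db = make_db()
    # "txtAdvancedkeyword" values: a normal search and the advisory's test value.
    for value in ("news", "' or 1=1;--"):
        print(repr(value), search_concat(db, value), search_param(db, value))
```

With the concatenated query the advisory's value turns the filter into a tautology and the hidden row is returned; with the bound parameter the same value is only a literal search string.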
Credit:
------------------
Isfahan University of Technology - Computer Emergency Response Team
Thanks to: M. Fereidounian, M. R. Faghani, N. Fathi, E. Jafari