Computer Security

Security Advisory: aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [DSECRG-08-022] Multiple Security Vulnerabilities in Bolinos 4.6.1

  Cuteflow Bin v1.5.0 Local File Inclusion Vuln

  e107 My_Gallery Plugin Arbitrary File Download Vulnerability

  EfesTech E-Kontr (id) Remote SQL INJECTION

From:arsalan1991_(at)_gmail.com <arsalan1991_(at)_gmail.com>
Date:25.03.2008
Subject:aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection

Discovered By : Arsalan Emamjomehkashan

aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection

Website:http://aeries.com/
SQL injection:
GradebookOptions.asp?GrdBk=SQL
loginproc.asp If you post variable "SchlCode"
XSS:
UserName variable on loginproc.asp and usr on Login.asp
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru