source: https://www.securityfocus.com/bid/14029/info
DUportal Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Some of these issues may have previously been discussed in BID 13285 and BID 13288.
http://www.example.com/DUportalPro34/Articles/default.asp?iChannel=2[SQL Inject]&nChannel=Articles
http://www.example.com/DUportalPro34/Articles/detail.asp?iData=4[SQL Inject]&iCat=292&iChannel=2&nChannel=Articles
http://www.example.com/DUportalPro34/home/members.asp?iMem=[SQL Inject]
http://www.example.com/DUportalPro34/topics/cat.asp?iCat=4[SQL Inject]&iChannel=16&nChannel=Topics
http://www.example.com/DUportalPro34/Polls/default.asp?iChannel=15[SQL Inject]&nChannel=Polls
http://www.example.com/DUportalPro34/admin/members_listing_approval.asp?offset=[SQL Inject]
http://www.example.com/DUportalPro34/admin/channels_edit.asp?iChannel=7[SQL Inject]&nChannel=[Name Module]
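
Added example, not part of the original advisory: a log audit that flags requests to the scripts listed above when a parameter the advisory marks as injectable carries anything other than a plain integer. The log line layout, the ten-digit limit and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script path suffix -> parameters the advisory marks as injectable (all numeric IDs).
WATCHED = {
    "/articles/default.asp": {"ichannel"},
    "/articles/detail.asp": {"idata"},
    "/home/members.asp": {"imem"},
    "/topics/cat.asp": {"icat"},
    "/polls/default.asp": {"ichannel"},
    "/admin/members_listing_approval.asp": {"offset"},
    "/admin/channels_edit.asp": {"ichannel"},
}
INTEGER = re.compile(r"\d{1,10}")  # assumed upper bound on ID length


def suspicious_params(url):
    """Return [(param, decoded value)] for watched parameters that are not plain integers."""
    parts = urlsplit(url)
    path = parts.path.lower()  # IIS paths and ASP parameter names are case-insensitive
    watched = next((p for s, p in WATCHED.items() if path.endswith(s)), None)
    if watched is None:
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # Empty values are ignored here; anything non-empty must be digits only.
        if name.lower() in watched and value and not INTEGER.fullmatch(value):
            hits.append((name, value))
    return hits


def audit(log_lines):
    """Yield (client, url, hits) for lines shaped 'client method url status'."""
    for line in log_lines:
        client, _method, url, _status = line.split()
        hits = suspicious_params(url)
        if hits:
            yield client, url, hits

# Constructed sample log lines (not real traffic); the field layout is an assumption.
SAMPLE_LOG = [
    "198.51.100.7 GET /DUportalPro34/Articles/default.asp?iChannel=2&nChannel=Articles 200",
    "198.51.100.9 GET /DUportalPro34/Articles/detail.asp?iData=4%27&iCat=292&iChannel=2 500",
    "198.51.100.9 GET /duportalpro34/home/members.asp?IMEM=1+or+1%3D1 200",
    "198.51.100.7 GET /DUportalPro34/Polls/default.asp?iChannel=15&nChannel=Polls 200",
]

if __name__ == "__main__":
    print(*audit(SAMPLE_LOG), sep="\n")
```

The same integer-only rule, enforced in the ASP pages before the value reaches a query, is the input check the advisory says is missing.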