13 lines
523 B
Text
Executable file
13 lines
523 B
Text
Executable file
source: http://www.securityfocus.com/bid/7804/info
|
|
|
|
Several software products maintained by Xpressions Interactive are prone to SQL injection attacks.
|
|
|
|
The vulnerability exists in the login.asp page. Specifically, user-supplied input is not sufficiently sanitized of malicious SQL queries.
|
|
|
|
An attacker may exploit this vulnerability to insert SQL code into requests and have the SQL code executed by the underlying database server.
|
|
|
|
http://examplestore.com/manage/login.asp
|
|
User: admin
|
|
Pass: ' or '1' = '1
|
|
|
|
|