Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Vista
BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection Mar 25 2008 07:32AM
arsalan1991 gmail com
Discovered By : Arsalan Emamjomehkashan

aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection

Website:http://aeries.com/

SQL injection:

GradebookOptions.asp?GrdBk=SQL

loginproc.asp If you post variable "SchlCode"

XSS:

UserName variable on loginproc.asp and usr on Login.asp
...

[ more ]  




 

Privacy Statement
Copyright 2007, SecurityFocus