Web Animations Password Protect Multiple Input Validation Vulnerabilities

Web Animations Password Protect Multiple Input Validation Vulnerabilities

No exploit is required.

The following proof of concept examples are available:

SQL injection:
/adminSection/index_next.asp?admin = (SQLInjection) Pass = (SQLInjection)

/adminSection/ChangePassword.asp?LoginId=(SQLInjection) OPass=(SQLInjection) NPass=(SQLInjection) CPass=(SQLInjection)

Cross-site scripting:
/adminSection/index.asp?ShowMsg=(XSS)
/adminSection/ChangePassword.asp?ShowMsg=(XSS)
/adminSection/users_list.asp?ShowMsg=(XSS)
/adminSection/users_add.asp?ShowMsg=(XSS)