|
Future Internet Multiple Input Validation Vulnerabilities
An attacker can exploit the cross-site scripting issues by enticing an unsuspecting user to follow a malicious URI. An attacker can exploit the SQL-injection issue through a web-client. The following proof-of-concept URIs are available: http://www.example.com/path_of_script/index.cfm?fuseaction=Portal.Showpage&categoryid=311&newsId=[SQL] http://www.example.com/path_of_script/index.cfm?fuseaction=Portal.Showpage&categoryid=[SQL] http://www.example.com/path_of_script/index.cfm?langId=[SQL] http://www.example.com/path_of_script/index.cfm?fuseaction=Portal.ShowPage&categoryId=[XSS] |
|
|
Privacy Statement |
