Aeries Student Information System Multiple Input Validation Vulnerabilities

info
discussion
exploit
solution
references

Aeries Student Information System Multiple Input Validation Vulnerabilities

An attacker can exploit these issues via a browser. To exploit a cross-site scripting vulnerability, the attacker must entice a victim to follow a malicious URI.

The following example URIs are available:

http://www.example.comComments.asp?&FC=SQL
http://www.example.comLabels.asp?&Term=SQL
http://www.example.comClassList.asp&Term=SQL
http://www.example.comGradebookStuScores.asp?GrdBk=SQL