 |
|
|
|
| Vulnerability details : |
| |
 |
|
WWWguestbook login.asp password Parameter SQL Injection |
|
|
Fiche créée le 2005-04-29 11:07:18, dernière mise à jour le 2009-04-30 03:31:18
WWWguestbook contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to 'password' variable in the login.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.
|
| |
| Abczone.it 1.1 Affected | | | Attack Type : Input Manipulation
XSS, SQL injection, file retrieval, directory traversal, overflows, URL encoding. | Découvert le 2005-04-29 11:08:36
| Attack Type : Information Disclosure
comments, passwords, fingerprinting, system information. | | | | Disclosure : OSVDB Verified | Confirmé le 2005-04-29 11:08:36
| Exploit : Exploit Unknown
Unsure of exploit status. | Exploit découvert le 1970-01-01 07:00:00
| Impact : Loss of Confidentiality
Assurance that data is protected and not disclosed to an unauthorized party.
Examples: password disclosures, server information, environment variables, confirmation of file existence, path disclosure, file content access, some SQL injection. | | | Impact : Loss of Integrity
Assurance that data is unaltered by unauthorized persons.
Examples: XSS, arbitrary command execution, most overflows, most format strings, SQL injection, unauthorized file modification/deletion/creation, remote file inclusion, etc. | | | Location : Remote / Network Access
If network access if required and exploit can be done remotely. | | | OSVDB : Web Related
The vulnerability is a web issue and will have an associated security check. | | |
| |
| External refs : |
| OSVDB 15968 | | | | | | | | | | | | |
| |
| |
| |
| |
|
|
|
|
| Free consultation (search) |
|
|
|
|
|
| |
|
|
|
