DMXReady Site Engine Manager Index.ASP SQL Injection Vulnerability
BID:21064
Info
| Bugtraq ID: | 21064 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 14 2006 12:00AM |
| Updated: | Jan 22 2009 09:02PM |
| Credit: | Aria-Security Team is credited with the discovery of this vulnerability. |
| Vulnerable: | DMXReady Site Engine Manager 1.0 |
| Not Vulnerable: | |
Discussion
DMXReady Site Engine Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Site Engine Manager 1.0 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit this issue via a browser.
The following proof-of-concept URI is available:
http://www.example.com/[path]/index.asp?mid=[SQL Injection]
Solution / Fix
Solution:
Vendor updates are available. Contact the vendor for details.
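For sites reviewing exposure before or after applying the vendor update, the following added example (not part of the original advisory or of DMXReady's code) scans web access logs for requests to index.asp whose mid parameter is not a plain integer. It assumes that legitimate mid values are numeric identifiers and that logs are in Common Log Format; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Common Log Format (not taken from a real server).
SAMPLE_LOG = """\
192.0.2.10 - - [14/Nov/2006:10:00:01 +0000] "GET /site/index.asp?mid=5 HTTP/1.1" 200 5120
192.0.2.44 - - [14/Nov/2006:10:00:07 +0000] "GET /site/index.asp?mid=5%27 HTTP/1.1" 500 312
192.0.2.44 - - [14/Nov/2006:10:00:09 +0000] "GET /site/Index.ASP?MID=5%20or%201%3D1 HTTP/1.1" 200 9001
192.0.2.10 - - [14/Nov/2006:10:00:12 +0000] "GET /site/contact.asp?mid=x HTTP/1.1" 200 801
192.0.2.77 - - [14/Nov/2006:10:00:15 +0000] "GET /site/index.asp?mid=5&mid=abc HTTP/1.1" 200 5120
"""

# client address, request target and status code from one log line
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')
# Assumption of this example: a legitimate mid value is a short decimal integer.
PLAIN_INT = re.compile(r"\d{1,10}")

def suspicious_mid_requests(log_text):
    """Return (client, decoded mid value, status) for index.asp requests
    whose mid parameter is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/index.asp"):
            continue
        # parse_qs URL-decodes values, so encoded quotes and spaces are seen as sent.
        params = parse_qs(url.query, keep_blank_values=True)
        for name, values in params.items():
            # Classic ASP looks up query-string names case-insensitively.
            if name.lower() != "mid":
                continue
            for value in values:
                if not PLAIN_INT.fullmatch(value):
                    hits.append((client, value, int(status)))
    return hits

if __name__ == "__main__":
    for client, value, status in suspicious_mid_requests(SAMPLE_LOG):
        print(f"{client} status={status} mid={value!r}")
```

A 500 status next to a flagged value is worth prioritising during review, since it can indicate the value reached the database layer and caused a query error.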
References
References:
- DMXReady Homepage (DMXReady)