EasyPage 'docId' Parameter SQL Injection Vulnerability
BID:51570
Info
EasyPage 'docId' Parameter SQL Injection Vulnerability
| Bugtraq ID: | 51570 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 18 2012 12:00AM |
| Updated: | Jan 19 2012 06:30PM |
| Credit: | Red Security TEAM |
| Vulnerable: |
EasyPage EasyPage 0 |
| Not Vulnerable: | |
Discussion
EasyPage 'docId' Parameter SQL Injection Vulnerability
EasyPage is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
EasyPage is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Exploit / POC
EasyPage 'docId' Parameter SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
The following example URI is available:
http://www.example.com/default.aspx?page=Document&app=Documents&docId=convert(int,db_name() COLLATE SQL_Latin1_General_Cp1254_CS_AS) and 1=1
Attackers can use a browser to exploit this issue.
The following example URI is available:
http://www.example.com/default.aspx?page=Document&app=Documents&docId=convert(int,db_name() COLLATE SQL_Latin1_General_Cp1254_CS_AS) and 1=1
Solution / Fix
EasyPage 'docId' Parameter SQL Injection Vulnerability
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].