SteelID thePhotoTool Login.ASP SQL Injection Vulnerability
BID:9884
Info
SteelID thePhotoTool Login.ASP SQL Injection Vulnerability
| Bugtraq ID: | 9884 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 15 2004 12:00AM |
| Updated: | Mar 15 2004 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to KingSerb <[email protected]>. |
| Vulnerable: |
SteelID thePhotoTool |
| Not Vulnerable: | |
Discussion
SteelID thePhotoTool Login.ASP SQL Injection Vulnerability
SteelID thePhotoTool is prone to an SQL injection vulnerability. The issue is reported to exist in the 'login.asp' script, which does not sufficiently sanitize user-supplied input before including it in SQL queries. This could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
SteelID thePhotoTool is prone to an SQL injection vulnerability. The issue is reported to exist in the 'login.asp' script, which does not sufficiently sanitize user-supplied input before including it in SQL queries. This could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks.
Exploit / POC
SteelID thePhotoTool Login.ASP SQL Injection Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
SteelID thePhotoTool Login.ASP SQL Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
SteelID thePhotoTool Login.ASP SQL Injection Vulnerability
References:
References:
- thePhotoTool Homepage (SteelID)