aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection

2008.03.31

Credit: arsalan1991

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2008-1548 | CVE-2008-1549

CWE: CWE-89

Discovered By : Arsalan Emamjomehkashan

aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection

Website:http://aeries.com/

SQL injection:

GradebookOptions.asp?GrdBk=SQL

loginproc.asp If you post variable "SchlCode"

XSS:

UserName variable on loginproc.asp and usr on Login.asp

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.