Aspmforum [ multiples injection sql (get&post)]

Risk: Medium
Local: No
Remote: Yes
CWE: CWE-Other

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

vendor site: product:Aspmforum bug:injection sql (get & post) risk:high injection sql get : /forum.asp?baslik='[sql] /forum2.asp?baslik=2&soruid='[sql] /kullanicilistesi.asp?ak=&at=&harf='[sql] /kullanicilistesi.asp?at=baslayan&ak='[sql] once logged : /mesajkutum.asp?eylem=oku&mesajno='[sql] //private message injection sql post: in : /aramayap.asp Variables: kelimeler='[sql] or just post your query into the search engine ... in : /giris.asp Variables: kullaniciadi='[sql]&parola=&I1.x=0&I1.y=0&I1=Submit or just post your query into the username field laurent gaffi & benjamin moss contact: saps.audit (at) gmail (dot) com [email concealed]

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2023,


Back to Top