[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection
From: arsalan1991@xxxxxxxxx
Date: 25 Mar 2008 07:32:31 -0000

Discovered By : Arsalan Emamjomehkashan

aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection

Website:http://aeries.com/
SQL injection:
GradebookOptions.asp?GrdBk=SQL
loginproc.asp If you post variable "SchlCode"
XSS:
UserName variable on loginproc.asp and usr on Login.asp

Prev by Date: Re: Linksys phone adapter denial of service
Next by Date: Re: hacking the mitsubishi GB-50A
Previous by thread: [ GLSA 200803-32 ] Wireshark: Denial of Service
Next by thread: [SECURITY] [DSA 1530-1] New cupsys packages fix multiple vulnerabilities
Index(es):
- Date
- Thread