aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection

2008.03.31

Credit: arsalan1991

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2008-1548 | CVE-2008-1549

CWE: CWE-89

Discovered By : Arsalan Emamjomehkashan
aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection
Website:http://aeries.com/
SQL injection:
GradebookOptions.asp?GrdBk=SQL
loginproc.asp If you post variable "SchlCode"
XSS:
UserName variable on loginproc.asp and usr on Login.asp

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.