SelfComposer CMS - SQL Injection Vulnerability

ID EDB-ID:12606
Type exploitdb
Reporter Locu
Modified 2010-05-14T00:00:00


SQL injection vulnerability in SelfComposer CMS. Webapps exploit for asp platform

*==== =={ Advisory 14/5/2010 } ======*

*SQL injection vulnerability in SelfComposer CMS*

*Vendor's Description of Software:*




*Application Info:*

*Name: *SelfComposer

*Vulnerability Info:*

*Type: *SQL injection Vulnerability

*Risk: High*



*Time Table:*

*06/05/2010 - Vendor notified.*

*Additional Info:*

Input passed via the "idprod", "idpadrerif" and "idreferenza" parameters
is not properly sanitised before being used in a SQL query.


Input validation of the "idprod", "idpadrerif" and "idreferenza"
parameters should be corrected.


# http://[site]/scheda.asp?idprod=[SQLi]&idpadrerif=[SQLi]

# http://[site]/schedaistituzionale.asp?idreferenza=[SQLi]&idpadrerifIstituzionali=[SQLi]
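
Added example, not part of the original advisory or of SelfComposer's code: a Python log review that flags requests to the two pages above whose listed parameters are not plain integers. It assumes the ids are unsigned integers in legitimate traffic (the advisory does not say so) and that the server writes W3C-format IIS logs; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Pages and parameters named in the advisory; compared in lower case.
WATCHED = {
    "/scheda.asp": {"idprod", "idpadrerif"},
    "/schedaistituzionale.asp": {"idreferenza", "idpadrerifistituzionali"},
}
# Assumption: legitimate ids are short unsigned integers (ASCII digits only).
VALID_ID = re.compile(r"[0-9]{1,10}")

def suspicious_params(url):
    """Return [(name, decoded_value)] for watched parameters that are not plain integers."""
    parts = urlsplit(url)
    watched = WATCHED.get(parts.path.lower())
    if watched is None:
        return []
    # parse_qsl percent-decodes and returns every occurrence, so repeated
    # parameters are all checked; blank values are kept and flagged too.
    return [(name, value)
            for name, value in parse_qsl(parts.query, keep_blank_values=True)
            if name.lower() in watched and not VALID_ID.fullmatch(value)]

def scan_iis_log(lines):
    """Return [(client_ip, url, hits)] for W3C-format IIS log lines with bad ids."""
    fields, findings = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue
        row = dict(zip(fields, line.split()))
        query = row.get("cs-uri-query", "-")
        url = row.get("cs-uri-stem", "") + ("" if query == "-" else "?" + query)
        hits = suspicious_params(url)
        if hits:
            findings.append((row.get("c-ip", "?"), url, hits))
    return findings

# Constructed sample log, not real traffic.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2010-05-14 10:00:01 192.0.2.10 GET /scheda.asp idprod=12&idpadrerif=3 200
2010-05-14 10:00:05 192.0.2.77 GET /scheda.asp idprod=12%27&idpadrerif=3 500
2010-05-14 10:00:09 192.0.2.77 GET /SchedaIstituzionale.asp idReferenza=4+abc 200
""".splitlines()

if __name__ == "__main__":
    for finding in scan_iis_log(SAMPLE_LOG):
        print(finding)
```

The same allow-list check belongs in the application itself, before the value reaches the query, together with parameterised queries.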


Discovered by: Locu


Contacts: xlocux[-at-]

*============ {EOF} =============*