MaxWebPortal pop_profile.asp Cookie Variables SQL Injection

2005-05-11T05:14:07
ID OSVDB:16505
Type osvdb
Reporter Zinho (zinho@hackerscenter.com)
Modified 2005-05-11T05:14:07

Description

Vulnerability Description

MaxWebPortal contains a flaw that may allow an attacker to inject arbitrary SQL queries. The pop_profile.asp script does not properly sanitize the cookie submitted to it, which may allow an attacker to inject or manipulate SQL queries.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.maxwebportal.com/
Related OSVDB ID: 16501
Related OSVDB ID: 16502
Related OSVDB ID: 16504
Related OSVDB ID: 16503
Related OSVDB ID: 16506
Other Advisory URL: http://www.hackerscenter.com/archive/view.asp?id=2542
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0122.html