kvaliitti-sql.txt

2007-12-08T00:00:00
ID PACKETSTORM:61599
Type packetstorm
Reporter Jaakko "Chrysalid" Hartikainen
Modified 2007-12-08T00:00:00

Description

                                        
                                            `Found by: Jaakko "Chrysalid" Hartikainen  
  
1. Info  
  
Kvaliitti WebDoc 3.0 CMS is a proprietary Finnish-made content management system developed by Kvaliitti Oy (http://www.kvaliitti.fi). It is driven by MS SQL Server and ASP.   
  
2. Abstract  
  
WebDoc 3.0 suffers from a flaw in input validation, which allows attackers to insert malicious SQL queries into an existing one, possibly gaining complete control over an affected system.  
  
3. Vulnerable files & PoC:  
  
categories.asp, subcategory.asp, document_id, cat_id  
  
This proof of concept example exposes the internal server variable called "@@version":  
  
http://www.vulnerable.tld/categories.asp?document_id=37&cat_id=convert(int,(select+@@version));--   
  
4. Misc  
  
Vendor notified: yes  
  
--   
`