Metyus Okul Yonetim Sistemi Uye_giris_islem.ASP SQL注入漏洞

Metyus Okul Yonetim Sistemi是一款基于ASP的WEB应用程序。 Metyus Okul Yonetim Sistemi不充分过滤用户提交的URI输入，远程攻击者可以利用漏洞进行SQL注入攻击，获得敏感信息。 问题是'Uyegirisislem.ASP'脚本对用户提交的WEB参数缺少过滤，提交恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息。 MaxiASP Yonetimi 1.0 http://www.maxiasp.com/scriptler.asp?ktno=1 titleRemote Admin Attack - LiderHack.Or...

metyus.txt

LiderHack.Org script name : Metyus Okul Yönetim Sistemi V.1.0 tr Script Download : http://www.maxiasp.com/scriptler.asp?ktno=1 Risk : High Found By : ShaFuck31 Thanks : Dekolax , DesquneR , ST@ReXT , SaboTaqe Vulnerable file : uyegirisislem.asp Manual connect : Go to Admin Panel Login -----...

CVE-2006-6298

CVE-2006-6298 describes a SQL injection vulnerability in the web application component uye_giris_islem.asp of Metyus Okul Yonetim Sistemi 1.0. The vulnerability allows remote attackers to execute arbitrary SQL commands via the (1) kullanici_ismi and (2) sifre parameters, potentially compromising ...