aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection

2008-03-25T00:00:00
ID SECURITYVULNS:DOC:19496
Type securityvulns
Reporter Securityvulns
Modified 2008-03-25T00:00:00

Description

Discovered By : Arsalan Emamjomehkashan

aeries browser interface(ABI) 3.8.3.14 Remote SQL Injection

Website:http://aeries.com/ SQL injection: GradebookOptions.asp?GrdBk=SQL loginproc.asp If you post variable "SchlCode" XSS: UserName variable on loginproc.asp and usr on Login.asp