-
Input validation of Parameter "a_code" should be corrected.
Credit:
-
Isfahan University of Technology - Computer Emergency Response Team
Thanks to : N. Fathi, M. R. Faghani
tion:
--
Input validation of Parameter "id" should be corrected.
Credit:
--
Isfahan University of Technology - Computer Emergency Response Team
Thanks to : M. Fereidounian, M. R. Faghani, N. Fathi, E. Jafari
FROM
validTableName)%00
http://www.example.com/fa_default.asp?RP=' UNION SELECT TOP 3 AttrName FROM
validTableName%00
Solution:
--
Input validation of Parameter "RP" should be corrected.
Credit:
--
Isfahan University of Technology -
= IUT-CERT =
Title: Sheedravi CMS SQL Injection Vulnerability
Vendor: www.sheedravi.com
Dork: Design by Sheed Graphic Co
Type: Input.Validation.Vulnerability (SQL Injection)
Fix: N/A
== nsec.ir =
Description:
-
.asp" in "sitebid","secText","newsId" and "client-ip"
parameters.
http://www.example.com/src=www.example.com/home-f.asp?sitebid=@@version
http://www.example.com/src=www.example.com/home-f.asp?sitebid=JyI%3D
http://www.example.com/src=www.example.com/home-f.asp?sitebid=%00
The other parameters ("secText", "newsId" and "client-ip") are similar to the
"sitebid" parameter.
Solution:
--
Input validation of the parameters
"sitebid", "id", "secText", "client-ip", "G_id", "ma_id", "mi_id", "Grp_Code", "_method", "adv_code"
should be corrected.
Credit:
--
Isfahan University of Technology - Computer Emergency Response Team
Thanks to : M. Fereidounian, M. R. Faghani, N. Fathi, E. Jafari
Solution:
--
Input validation of Parameter "q" should be corrected.
Credit:
--
Isfahan University of Technology - Computer Emergency Response Team
Thanks to : N. Fathi, E. Jafari, M. R. Faghani
name&Landir=rtl&Lan=Fa
Solution:
--
Input validation of Parameter "Cat_id" should be corrected.
Credit:
--
Isfahan University of Technology - Computer Emergency Response Team
Thanks to : E. Jafari, N. Fathi, M. R. Faghani
quot;;alert(12345)
Solution:
--
Input validation of Parameter "q" should be corrected.
Credit:
--
Isfahan University of Technology - Computer Emergency Response Team
Thanks to : E. Jafari, N. Fathi, M. R. Faghani
oursite/page_arch.php?slc_lang=fa&sid=1&logincase=*/-->alert(188017)
http://yoursite/page.php?sid=1&slc_lang=en&redirect=*/-->alert(188017)
Solution:
------
Input Validation Filter should be patched.
Credit:
--
Isfahan University of Technology - Computer Emergency Response Team
Thanks to : M. R. Faghani, N. Fathi, E. Aerabi, E. Jafari
IUT-CERT has received some reports of suspicious link requests in HTTP 404 web
server log files. All GET parameter values were requested with the value of
http://babyc***b.fortunecity.co.uk/index.htm. Visiting the suspicious site, we
found a PHP malcode that was encrypted by the malicious attack