ASP-Rider远程SQL注入漏洞

漏洞信息详情

ASP-Rider远程SQL注入漏洞

• CNNVD编号：CNNVD-200412-1115
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2004-1401
  
• 漏洞类型：
  
  
  SQL注入
  
• 发布时间：
  
  2004-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  asp-rider
• 漏洞来源：
  Shervin Khaleghjou…

Asp-rider的verify.asp存在SQL注入漏洞。远程攻击者借助username参数执行任意SQL语句和绕过认证。

It is reported that this issue has been resolved in the latest release of the affected software, although this has not been verified. Please contact the vendor for more information on obtaining the fixed packages.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .
@securityfocus.com>

来源: XF
名称: asp-rider-verify-sql-injection(18479)
链接:http://xforce.iss.net/xforce/xfdb/18479

来源: SECUNIA
名称: 13470
链接:http://secunia.com/advisories/13470/

来源: BID
名称: 11933
链接:http://www.securityfocus.com/bid/11933

来源: BUGTRAQ
名称: 20041214 ASP-rider is vulnerable to sql injection attack
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=110305802005220&w=2