VID 22206
Severity 40
Port 80, ...
Protocol TCP
Class WWW
Detailed Description iisPROTECT has a SQL injection vulnerability.
iisPROTECT is a web-based user authentication program used to password-protect website content on Microsoft Windows platforms; by default it uses either an MS Access file or an MS SQL Server database. Because user input to the iisPROTECT web administration interface (SiteAdmin.asp) is improperly filtered, iisPROTECT is vulnerable to a SQL injection attack.
By sending a specially crafted URL request to the SiteAdmin.asp script containing arbitrary SQL code in a specific variable, such as the 'GroupName' variable, a remote attacker can add, modify or delete information in the backend database. The following example invokes the 'xp_cmdshell' stored procedure to execute the ping command on the host operating system.

http://www.example.com/iisprotect/admin/SiteAdmin.ASP?V_SiteName=&V_FirstTab=Groups&V_SecondTab=All&GroupName=secuiscan';exec%20master..xp_cmdshell'ping%2010.10.10.11';--
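
One way to look for this request pattern in web server logs, as an added example that is not part of the original advisory: it percent-decodes every SiteAdmin.asp query parameter and flags SQL metacharacters and keywords. The log field layout, the client addresses and the list of signs are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed log lines: date time c-ip method uri-stem uri-query status
SAMPLE_LOG = """\
2003-05-20 10:01:12 192.0.2.10 GET /iisprotect/admin/SiteAdmin.ASP V_SiteName=&V_FirstTab=Groups&V_SecondTab=All&GroupName=staff 200
2003-05-20 10:02:40 192.0.2.77 GET /iisprotect/admin/SiteAdmin.ASP V_SiteName=&V_FirstTab=Groups&V_SecondTab=All&GroupName=secuiscan';exec%20master..xp_cmdshell'ping%2010.10.10.11';-- 200
2003-05-20 10:03:05 192.0.2.10 GET /default.asp id=7 200
2003-05-20 10:04:19 192.0.2.10 GET /iisprotect/admin/siteadmin.asp V_FirstTab=Groups&GroupName=O%2527Brien 200
"""

# Signs of SQL syntax inside a parameter value (assumed list, tune per site).
SIGNS = {
    "quote": re.compile(r"'"),
    "stacked-statement": re.compile(r";"),
    "sql-comment": re.compile(r"--|/\*"),
    "exec": re.compile(r"\bexec(ute)?\b", re.I),
    "xp_cmdshell": re.compile(r"xp_cmdshell", re.I),
}

def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%2527) is still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(log_text):
    """Return (client_ip, parameter, signs) for suspicious SiteAdmin.asp requests."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) != 7:
            continue  # skip W3C header lines and malformed entries
        ip, stem, query = fields[2], fields[4], fields[5]
        if not stem.lower().endswith("/siteadmin.asp"):
            continue
        # The advisory names GroupName as one example, so check every parameter.
        for pair in query.split("&"):
            name, _, raw = pair.partition("=")
            value = decode(raw)
            signs = [label for label, rx in SIGNS.items() if rx.search(value)]
            if signs:
                hits.append((ip, name, signs))
    return hits

if __name__ == "__main__":
    for ip, name, signs in scan(SAMPLE_LOG):
        print(f"{ip} {name}: {', '.join(signs)}")
```

A lone quote, as in the last sample line, can be a legitimate group name, so treat single-sign hits as lower priority than requests that combine several signs.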

* References:
http://www.securiteam.com/windowsntfocus/5GP0M1PA0K.html

* Platforms Affected:
iisPROTECT 2.2-r4
Recommendation Upgrade to the latest version of iisPROTECT from:
http://www.iisprotect.com/
Related URL CVE-2003-0377 (CVE)
Related URL 7675 (SecurityFocus)
Related URL 12065 (ISS)