AlphaOne Technology Support Forums
Welcome, Guest. Please login or register.
November 21, 2008, 07:44:30 AM

Login with username, password and session length
Search:     Advanced search
1733 Posts in 827 Topics by 4636 Members
Latest Member: shoowlkew
* Home Help Search Login Register
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  Topic: Noah Classified SQL Injection and Cross-Site Scripting Vulnerabilities 0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Noah Classified SQL Injection and Cross-Site Scripting Vulnerabilities  (Read 778 times)
TJ
Tech Team
Hero Member
********
Offline Offline

Posts: 136



View Profile
Noah Classified SQL Injection and Cross-Site Scripting Vulnerabilities
« on: September 17, 2005, 10:31:21 AM »
* Technical Description *

Two vulnerabilities were identified in Noah's Classified, which could be exploited by attackers to perform SQL injection or cross site scripting.

The first issue is due to an input validation in the "index.php" script when processing a specially crafted "rollid" parameter, which may be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser.

The second vulnerability is due to an input validation error in the "index.php" when processing a specially crafted "rollid" parameter, which may be exploited by remote users to conduct SQL injection attacks.

 * Affected Products *

Noah Classified version 1.3 and prior

 * Solution *

No official supplied patch for this issue.

 * References *

http://www.frsirt.com/english/advisories/2005/1749
Logged
Pages: [1] Go Up Print 
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  Topic: Noah Classified SQL Injection and Cross-Site Scripting Vulnerabilities « previous next »
Jump to:  

Powered by MySQL Powered by PHP AlphaOne Technology Support Forums | Powered by SMF 1.0.7.
© 2001-2005, Lewis Media. All Rights Reserved. 		Valid XHTML 1.0! Valid CSS!