[VIM] vendor dispute: 22066: SpireMedia CMS index.cfm cid Variable SQL Injection (fwd)
Steven M. Christey
coley at linus.mitre.org
Wed Jan 18 00:52:23 EST 2006
OK so it looks like it might just be a path disclosure issue from invalid
SQL syntax, at least based on error messages.
However, there is some evidence that there is also a minor XSS type issue
in the same parameter.
http://www.spiremedia.com/spiremedia2k5/index.cfm?cid=<a%20href="javascript:alert('hi')">abc</a>
(gotta click on the link though)
Oh, but this one works alright:
http://www.spiremedia.com/spiremedia2k5/index.cfm?cid=<img src="javascript:alert('hi')">img here
- Steve