AOH :: HP Unsorted A :: TB13120.HTM

Aleris Software Systems Web Publisher Calendar SQL injection



Aleris Software Systems Web Publisher Calendar SQL injection
Aleris Software Systems Web Publisher Calendar SQL injection





http://www.alerisdata.com/articles/home.asp

There exists an SQL injection vulnerability within the calendar section of a Aleris Software Systems web publisher. It seems thats Aleris uses this same calendar with every site they make that utilizes the publisher.

www.example.com/calendar/page.asp?mode=1%20union%20all%20select%201,2,3,4,5,6%20FROM%20users--

I reported this to aleris and am awaiting a response. No fix yet.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.