Submeter #81: Axios Italia Axios RE 1.7.0/7.0.0 REDefault.aspx DBIDX Connection String Parameter Pollutioninformação

TítuloAxios Italia Axios RE 1.7.0/7.0.0 REDefault.aspx DBIDX Connection String Parameter Pollution
DescriçãoConnection String Parameter Pollution vulnerability found by changing DBIDX parameter in REDefault.aspx query. It is not filtered or sanitized, allowing attackers to change database connection string parameters. Accessing to ReStart.aspx (from one of school partners) and clicking on RE logo, we are redirected to REDefault.aspx, the vulnerable target, then to RELogin.aspx, which uses configuration parameters from the previous URL. Clicking on "Password dimenticata" (Password lost?) or "Accedi" (Login) we can see the details of exception thrown by ASP.NET.
Fonte⚠️ https://family.sissiweb.it/Secret/REStart.aspx?Customer_ID=80008420434
Utilizador
 ErPaciocco (UID 4004)
Submissão05/08/2019 22h25 (há 7 anos)
Moderação06/08/2019 07h48 (9 hours later)
EstadoAceite
Entrada VulDB139528 [Axios Italia Axios RE 1.7.0/7.0.0 Connection REDefault.aspx DBIDX Elevação de Privilégios]
Pontos20

VoltarVisão GeralPróximo

Might our Artificial Intelligence support you?

Check our Alexa App!