Security Assessment Software - PCI DSS, Firewall Rulebase Analysis, AuditPro, Firesec, Security Assessment and Audit Software for all versions of Operating Systems, Databases, Routers, Switches, Windows, Unix, Linux, Oracle, MS SQL, IBM DB2, Cisco PIX, Cyberguard, Netscreen, Checkpoint Firewalls, GFI Languard, in India, Mumbai, Hyderabad, Delhi, Bangalore, Chennai, Kolkatta, UAE, Dubai, Kuwait, Bahrain, Qatar, Saudi Arabia, Malaysia, Singapore, Thailand, Far East, USA, Europe, North America.

Advisory Listing

SQL Injections

MSN SQL Injection Vulnerability
Security Advisories \| SQL Injection \| MSN SQL Injection Vulnerability Vendor: MSN Web Site Affected: http://server1.msn.co.in/wallpaper/userchoose.asp Type: SQL Injection Severity: Critical Date released: 29th December 2005
I. Description
A SQL Injection Vulnerability has been reported in the MSN India Web site. The Vulnerability allows an attacker to run arbitrary query on the MSN SQL server. It also reveals some crucial information regarding the database which includes Server name, Database name, and Table name, etc.
Screenshots:
The screenshots can be viewed here
II. Impact
The vulnerability allows an attacker to run an arbitrary query on the SQL server
III. Solution
Vendor has been notified.
Vendor's Response
Microsoft responded immediately, and removed the vulnerable pages from the MSN website.

Network Intelligence (India) Pvt. Ltd. | Copyright | Disclaimer