Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: BroadVision command Injection

BroadVision command Injection

From: stephen <stephen_at_dcode.net>
Date: Tue, 20 Aug 2002 17:50:28 +0100 (BST)

I've come across a web application using BroadVision, that's vulnerable to
script injection. Trouble is, is that BV doesn't use straight SQL, but
rather some sort of server-side Javascript (seriously). The command in
the page, looks like this:
Session.serviceOfflineCM.contentByCondition( OWNER_ID = 99999993333 AND
DELETED = 0 AND UPPER(LIST_VALUE) LIKE UPPER('%hello'%') ,US
,'SOME_THING' ,null )

I injected hello' into the vulnerable field. Any ideas on how to actually
run any code on the server ? The usual comment characters don't seem to
work (#,;;,//,<--,--).
The web is full of marketing information about BV, but very sparse on
technical/programmatical info, any links to usefull tech info will be
appreciated.

cheers,
Stephen

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Aug 20 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]