Home page logo
/

pen-test logo Penetration Testing mailing list archives

BroadVision command Injection
From: stephen <stephen () dcode net>
Date: Tue, 20 Aug 2002 17:50:28 +0100 (BST)



I've come across a web application using BroadVision, that's vulnerable to
script injection.  Trouble is, is that BV doesn't use straight SQL, but
rather some sort of server-side Javascript (seriously).  The command in
the page, looks like this:
Session.serviceOfflineCM.contentByCondition( OWNER_ID = 99999993333 AND
DELETED = 0 AND UPPER(LIST_VALUE) LIKE UPPER('%hello'%') ,US
,'SOME_THING' ,null )

I injected hello' into the vulnerable field.  Any ideas on how to actually
run any code on the server ?  The usual comment characters don't seem to
work (#,;;,//,<--,--).
The web is full of marketing information about BV, but very sparse on
technical/programmatical info, any links to usefull tech info will be
appreciated.

cheers,
Stephen



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


  By Date           By Thread  

Current thread:
  • BroadVision command Injection stephen (Aug 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]