source: http://www.securityfocus.com/bid/14843/info Digital Scribe is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. The following is sufficient to gain administrative privileges: login: " or isnull(1/0) /* password: [whatever]
Related Exploits
Other Possible E-DB Search Terms: Digital Scribe 1.4, Digital ScribeDate | D | V | Title | Author |
---|---|---|---|---|
2009-12-11 |
![]() |
Digital Scribe 1.4.1 - Multiple SQL Injections | Salvatore F... | |
2011-07-31 |
![]() |
Digital Scribe 1.5 - register_form()' Multiple POST Cross-Site Scripting Vulnerabilities | LiquidWorm | |
2003-09-05 |
![]() |
Digital Scribe 1.x - Error Function Cross-Site Scripting | Secunia |