Magic List Pro - 'view_archive.cfm?ListID' SQL Injection

EDB-ID:

26763


Author:

r0t

Type:

webapps


Platform:

CFM

Date:

2005-12-08


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

source: https://www.securityfocus.com/bid/15774/info

CFMagic Products are prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input.

These vulnerabilities allow an attacker to inject malicious SQL code into database queries, and conduct cross-site scripting attacks.

Magic Book Professional version 2.0 and prior, Magic List Professional version 2.5 and prior, and Magic Forum Personal versions 2.5 and prior are vulnerable.

Other versions of these applications may also be affected. 

http://www.example.com/view_archive.cfm?ListID=[SQL]