标题: *AlstraSoft EPay Enterprise v4.0 Blind SQL Injection*

作者: *Don (BalcanCrew & BalcanHack)*

下载地址: *http://www.alstrasoft.com/epay_enterprise.htm*

版本: *4.0*

测试平台: *Apache/1.3.37*

############################################################################

# An attacker may execute arbitrary SQL statements on the vulnerable

system.

# This may compromise the integrity of your database and/or expose

sensitive information.

# Depending on the back-end database in use,

# SQL injection vulnerabilities lead to varying levels of data/system

access for the attacker.

# It may be possible to not only manipulate existing queries, but to UNION

in arbitrary data,

# use subselects, or append additional queries. In some cases,

# it may be possible to read in or write out to files, or to execute shell

commands on the underlying operating system.

# Certain SQL Servers such as Microsoft SQL Server contain stored and

extended procedures (database server functions).

# If an attacker can obtain access to these procedures it may be possible

to compromise the entire machine.

############################################################################

缺陷*

http://www.2cto.com /process.htm?action=product&member=justme&product=11-2%2b2*3-6&send=yes

 

*问题修复:*

 

Script should filter metacharacters from *user input*.

 

*Don*