
MS Site Server Unauthorized SQL Command Injection Vulnerability

by Nikola Strahija on February 3rd, 2002

An issue exists in web applications shipped with Site Server that do not properly validate user input before passing it to an SQL query. The site applications contained within 'clocktower', 'vc30', 'mspress30' and 'market' allow for the injection of user-specified SQL commands.

The existence of these vulnerabilities may be due to the issue discussed as BID 994. However, this has not been confirmed.

Microsoft Site Server is designed to run on Microsoft Windows NT Server platforms. It provides a means for users on a corporate intranet to share, publish, and find information. Site Server Commerce Edition incorporates the same features as well as providing an interface for e-commerce sites to interact and conduct business with customers and suppliers.
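
A log-triage sketch for the issue described above, added here as an example and not code from the advisory or from Microsoft: it reads IIS W3C extended logs and flags requests to the four named sample applications whose query strings contain SQL syntax. It assumes the application name appears as a URL path segment; the log lines, page names and parameter names are constructed.

```python
import re
from urllib.parse import unquote_plus

# Sample application names taken from the advisory text.
SAMPLE_APPS = {"clocktower", "vc30", "mspress30", "market"}

# Characters and keywords that commonly appear when SQL syntax is passed
# through a parameter; a triage heuristic, not proof of exploitation.
SQL_HINT = re.compile(
    r"'|--|;|/\*|\b(union|select|insert|update|delete|drop|exec)\b", re.I)

def flag_requests(log_text):
    """Return (line_no, app, decoded_query) for suspicious sample-app requests."""
    fields, hits = [], []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "").lower()
        query = row.get("cs-uri-query", "-")
        # Assumption: the application name is a path segment of the URL.
        app = next((s for s in stem.split("/") if s in SAMPLE_APPS), None)
        if app is None or query == "-":
            continue
        decoded = unquote_plus(query)      # undo %xx and '+' encoding first
        if SQL_HINT.search(decoded):
            hits.append((line_no, app, decoded))
    return hits

# Constructed log excerpt; addresses, pages and parameter names are made up.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-02-03 10:00:01 192.0.2.10 GET /clocktower/page.asp item=12 200
2002-02-03 10:00:05 192.0.2.11 GET /vc30/page.asp item=12%27%3B-- 500
2002-02-03 10:00:09 192.0.2.12 GET /default.asp q=it%27s 200
2002-02-03 10:00:12 192.0.2.13 GET /Market/page.asp name=a+UNION+SELECT+b 200
2002-02-03 10:00:15 192.0.2.14 GET /mspress30/default.asp - 200
"""

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```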
