I've come across a web application using BroadVision that's vulnerable to script injection. Trouble is that BV doesn't use straight SQL, but rather some sort of server-side JavaScript (seriously). The command in the page looks like this:

    Session.serviceOfflineCM.contentByCondition( OWNER_ID = 99999993333 AND DELETED = 0 AND UPPER(LIST_VALUE) LIKE UPPER('%hello'%') ,US ,'SOME_THING' ,null )

I injected hello' into the vulnerable field. Any ideas on how to actually run any code on the server? The usual comment characters don't seem to work (#, ;;, //, <--, --).

The web is full of marketing information about BV, but very sparse on technical/programmatical info; any links to useful tech info will be appreciated.

cheers,
Stephen

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
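The defect Stephen describes is the user-supplied search term being concatenated straight into the condition string, so a single quote in the input unbalances the quoting and the rest of the condition becomes attacker-controlled. The following is an added example, not code from the post or from BroadVision: it shows how a server-side JavaScript page could build that same condition safely by validating the search term against an allow-list before interpolating it, and how a reviewer can spot an unbalanced condition in a log. The BroadVision API, its quoting rules, and the hypothetical `buildCondition`/`hasBalancedQuotes` helpers are assumptions; the allow-list approach does not depend on knowing which escape or comment characters the condition language honours.

```javascript
// Added example (not BroadVision code). Builds the contentByCondition
// condition string shown in the post from a user-supplied search term,
// refusing any term that could alter the condition's structure.

const OWNER_ID = 99999993333; // value taken from the post

// Allow-list: letters, digits, spaces, underscore and hyphen only.
// Anything else (quotes, percent, parentheses, operators) is rejected,
// so we never need to know the condition language's escaping rules.
const SAFE_TERM = /^[A-Za-z0-9 _-]{1,64}$/;

function buildCondition(term) {
  if (typeof term !== "string" || !SAFE_TERM.test(term)) {
    throw new Error("search term rejected by allow-list");
  }
  // Same shape as the condition in the post, with the term interpolated
  // only after validation.
  return (
    "OWNER_ID = " + OWNER_ID +
    " AND DELETED = 0" +
    " AND UPPER(LIST_VALUE) LIKE UPPER('%" + term + "%')"
  );
}

// Detection aid for reviewing request logs or error output: a condition
// with an odd number of single quotes is a strong sign that user input
// broke out of its string literal.
function hasBalancedQuotes(condition) {
  const quotes = (condition.match(/'/g) || []).length;
  return quotes % 2 === 0;
}

// Constructed sample: the benign term and the probe from the post.
const benign = buildCondition("hello");
const brokenFromPost =
  "OWNER_ID = 99999993333 AND DELETED = 0 AND UPPER(LIST_VALUE) LIKE UPPER('%hello'%')";

module.exports = { buildCondition, hasBalancedQuotes, benign, brokenFromPost };
```

Running `buildCondition("hello'")` throws instead of producing the unbalanced condition from the post, and `hasBalancedQuotes` returns false for that broken condition, which is the check to add to error logging while the page is being fixed.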
This archive was generated by hypermail 2b30 : Tue Aug 20 2002 - 10:00:11 PDT