|
|
|
| |
Menu |
|
|
| |
|
|
| |
|
|
|
|
 |
|
Description:Microsoft SQLXML, included as part of Microsoft SQL Server 2000 Gold or available as a separate add-on component for SQL Server, could allow a remote attacker to execute arbitrary script on the system, caused by improper validation of the "Root" parameter in an XML SQL query. SQLXML is a component used to exchange Extensible Markup Language (XML) data with a SQL server. A remote attacker could include malicious script within the "Root" parameter of an XML SQL query. This would allow the attacker to create a link on a Web page that calls a vulnerable XML SQL query. After the victim clicks the link, the script would be executed in the victim's Web browser within the security context of the local Intranet Zone, once a reply is received from the SQL Server running the SQLXML component.
|
|
|
|
|
| Featured
Products |
Advertise on
XMLPitstop
|
|
Our
Sponsors |
Advertise on
XMLPitstop
|
| Partners |
|
| Friends |
|
| Statistics |
3,833 Total Members
58 members(last 30 days)
8 members(last 7 days)
0 members(today)
1,937 Total Discussions
2 Posts(last 30 days)
0 Posts(last 7 days)
0 Posts(today)
47,487 Total Blog Posts
0 Blogs(last 30 days)
0 Blogs(last 7 days)
0 Blogs(today)
8,699 Newsgroup Posts
0 Posts(last 30 days)
0 Posts(last 7 days)
0 Posts(today)
14,084 Total Resources
2 Resources(last 30 days)
0 Resources(last 7 days)
0 Resources(today)
|
|
|
| |
|