[Original text] SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action.
Full Revolution aspWebAlbum album.asp SQL Injection
Remote / Network Access
Loss of Confidentiality, Loss of Integrity
aspWebAlbum contains a flaw that allows a remote attacker to inject arbitrary SQL code. Multiple variables in the 'album.asp' script are not properly validated, which allows an attacker to inject or manipulate SQL queries.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.