SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote malicious users to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft index server 2.0 |