Threat Encyclopedia

BizTalk.rawdocdata.ASP.SQL.Injection

Description

Indicates a SQL injection vulnerability in Microsoft BizTalk Server, exposed via the rawdocdata.asp script.


A SQL injection vulnerability exists in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002. Because user input is insufficiently sanitized, a remote attacker can execute operating system commands on a target system by sending it a specially crafted request.

Affected Products

Any unprotected Microsoft BizTalk Server 2000 or 2002 installation is vulnerable to the attack.

Impact

Attackers can modify database query logic, execute commands, or compromise the database.

Recommended Actions

Apply the appropriate patches or upgrade the system to the latest non-vulnerable version.

CVE References

CVE-2003-0118