Default.ASPX SQL Injection Vulnerability: Al-Amthal HRMS Solution-Optimum

Remote: Yes
Local: Yes
Class: Input Validation Error
Critical: Moderately critical

URL: http://www.example.com/optimum/default.aspx?page=Search&app=Search&srch=[sql]
[sql]=[-1/**/UNION/**/ALL/**/SELECT/**/1,2]

Published: April 6, 2008
Discovered by: TaMbaRuS (tambarus@gmail.com)
Site: www.al-amthal.com

Description:
Optimum is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Optimum HRMS Application 2.0 is reported vulnerable; other versions may also be affected.
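For defenders triaging web server logs for the request pattern reported above, here is an added example (not part of the advisory) that URL-decodes each request, strips the /**/ inline-comment spacing used in the published payload, and flags UNION ... SELECT attempts; the log format, client IPs and helper names are assumptions.

```python
# Added example, not from the advisory: flag log records whose query string
# carries a UNION-based SQL injection attempt, even when spaces are replaced
# by /**/ comments or the request is URL-encoded.
import re
from urllib.parse import unquote_plus

# Matches UNION [ALL] SELECT once comments and whitespace are normalised.
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.IGNORECASE)


def normalize(value: str) -> str:
    """URL-decode twice (catches double encoding), replace inline comments
    with a space and collapse whitespace so obfuscated payloads compare equal."""
    decoded = unquote_plus(unquote_plus(value))
    without_comments = re.sub(r"/\*.*?\*/", " ", decoded)
    return re.sub(r"\s+", " ", without_comments).strip()


def is_union_injection(url: str) -> bool:
    """True if the query string of `url` contains a UNION ... SELECT attempt."""
    _, _, query = url.partition("?")
    return bool(UNION_SELECT.search(normalize(query)))


def flag_log_lines(lines):
    """Return (client_ip, url) for every record that carries an attempt.
    Assumes constructed, space-separated 'ip method url status' records."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed record, skip rather than crash
        if is_union_injection(parts[2]):
            hits.append((parts[0], parts[2]))
    return hits


# Constructed sample records (hypothetical IPs), including the exact request
# shape from the advisory, its URL-encoded form, and two benign searches.
SAMPLE_LOG = [
    "198.51.100.7 GET /optimum/default.aspx?page=Search&app=Search&srch=smith 200",
    "203.0.113.9 GET /optimum/default.aspx?page=Search&app=Search&srch=-1/**/UNION/**/ALL/**/SELECT/**/1,2 200",
    "203.0.113.9 GET /optimum/default.aspx?page=Search&app=Search&srch=-1%2F%2A%2A%2FUNION%2F%2A%2A%2FALL%2F%2A%2A%2FSELECT%2F%2A%2A%2F1%2C2 200",
    "198.51.100.7 GET /optimum/default.aspx?page=Search&app=Search&srch=union+station 200",
]

if __name__ == "__main__":
    for ip, url in flag_log_lines(SAMPLE_LOG):
        print(f"possible SQL injection from {ip}: {url}")
```

The "union station" record shows why the check requires a following SELECT rather than the bare keyword; tune the pattern to your own traffic before alerting on it.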