ADVISORIES | March 18, 2010

SQL Injection and Cross-site Scripting at www.courts.wa.gov

By Mike Davis Rich Lundeen & Sean Malone

Discovered: 03.18.10. Reported: 03.23.10. The formID parameter at http://www.courts.wa.gov/forms/ is vulnerable to SQL injection. The searchTerms parameter at http://www.courts.wa.gov/search/index.cfm is vulnerable to cross-site scripting attacks. Exploiting these vulnerabilities would likely expose sensitive data and may result in compromise of the affected systems.

Launch PDF

penetration testing

©2025 IOActive Inc. All Rights Reserved. This website, including all material, images, and data contained herein, are protected by copyright. All rights are reserved. Content may not be used, copied, reproduced, transmitted, or otherwise exploited in any manner, including without limitation, to train generative artificial intelligence (AI) technologies, without IOActive’s prior written consent. Without limiting IOActive’s exclusive rights under copyright laws, IOActive reserves all rights to license uses of this work for generative AI training and development of machine learning language models.