Penetration Testing mailing list archives
BroadVision command Injection
From: stephen <stephen () dcode net>
Date: Tue, 20 Aug 2002 17:50:28 +0100 (BST)
I've come across a web application using BroadVision that's vulnerable to
script injection. Trouble is that BV doesn't use straight SQL, but
rather some sort of server-side JavaScript (seriously). The command in
the page looks like this:
Session.serviceOfflineCM.contentByCondition( OWNER_ID = 99999993333 AND
DELETED = 0 AND UPPER(LIST_VALUE) LIKE UPPER('%hello'%') ,US
,'SOME_THING' ,null )
I injected hello' into the vulnerable field. Any ideas on how to actually
run any code on the server? The usual comment characters don't seem to
work (#,;;,//,<--,--).
The web is full of marketing information about BV, but very sparse on
technical/programmatical info; any links to useful tech info will be
appreciated.
cheers,
Stephen
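
From the defender's side, the condition string quoted in the message breaks because the field value is concatenated into it unescaped. The following is an added example, not part of the original post and not BroadVision code: the function names are hypothetical, and it assumes the condition language quotes string literals the SQL way (a literal single quote is written as two). Where the API offers bound parameters, those are preferable to escaping.

```javascript
// Added example; buildCondition, quoteLiteral, ownerId and quotesBalanced
// are hypothetical helper names, not BroadVision APIs.

// Assumption: string literals follow SQL quoting, so ' is escaped as ''.
function quoteLiteral(value) {
  if (typeof value !== 'string') throw new TypeError('value must be a string');
  if (/[\u0000-\u001f]/.test(value)) throw new RangeError('control character in value');
  return "'" + value.replace(/'/g, "''") + "'";
}

// Numeric fields are validated as digits, never passed through as free text.
function ownerId(value) {
  const text = String(value);
  if (!/^[0-9]{1,18}$/.test(text)) throw new RangeError('owner id must be numeric');
  return text;
}

// Rebuilds the condition shown in the message with the search term escaped.
function buildCondition(owner, searchTerm) {
  return 'OWNER_ID = ' + ownerId(owner) +
    ' AND DELETED = 0' +
    ' AND UPPER(LIST_VALUE) LIKE UPPER(' + quoteLiteral('%' + searchTerm + '%') + ')';
}

// Sanity check for logs or tests: strip every well-formed literal and
// report whether a stray quote is left over (a sign of broken escaping).
function quotesBalanced(condition) {
  return !condition.replace(/'(?:[^']|'')*'/g, '').includes("'");
}

// Constructed inputs: the value from the message and the condition it produced.
const fixed = buildCondition(99999993333, "hello'");
const broken = "UPPER(LIST_VALUE) LIKE UPPER('%hello'%')";
console.log(fixed, quotesBalanced(fixed));
console.log(broken, quotesBalanced(broken));
```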
