Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
Back to list
|
Post reply
Aleris Software Systems Web Publisher Calendar SQL injection
Oct 23 2007 10:04PM
Joseph giron13 gmail com
http://www.alerisdata.com/articles/home.asp
There exists an SQL injection vulnerability within the calendar section of a Aleris Software Systems web publisher. It seems thats Aleris uses this same calendar with every site they make that utilizes the publisher.
www.example.com/calendar/page.asp?mode=1%20union%20all%20select%201,2,3,
4,5,6%20FROM%20users--
I reported this to aleris and am awaiting a response. No fix yet.
[ reply ]
Privacy Statement
Copyright 2009, SecurityFocus
http://www.alerisdata.com/articles/home.asp
There exists an SQL injection vulnerability within the calendar section of a Aleris Software Systems web publisher. It seems thats Aleris uses this same calendar with every site they make that utilizes the publisher.
www.example.com/calendar/page.asp?mode=1%20union%20all%20select%201,2,3,
4,5,6%20FROM%20users--
I reported this to aleris and am awaiting a response. No fix yet.
[ reply ]