info
discussion
exploit
solution
references
Daffodil CRM Userlogin.ASP SQL Injection Vulnerability
An exploit is not required.
The following proof of concept example is available:
http://www.example.com:8080/daffodilcrm/userlogin.jsp
PoC could be: 1'or'1'='1
Privacy Statement
Copyright 2010, SecurityFocus
