BugTraq
Back to list
|
Post reply
Daffodil CRM - vulnerable to SQL-injection.
Jan 30 2006 09:42PM
preben watchcom no
Daffodil CRM does not properly sanities it's input?s on the login page;
http://www.SITE.com:8080/daffodilcrm/userlogin.jsp
Therefore SQL-injection attacks are possible.
PoC could be: 1'or'1'='1
Vendor?s homepage is: http://www.daffodildb.com/crm/
Please credit to: Preben Nyløkken
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
http://www.SITE.com:8080/daffodilcrm/userlogin.jsp
Therefore SQL-injection attacks are possible.
PoC could be: 1'or'1'='1
Vendor?s homepage is: http://www.daffodildb.com/crm/
Please credit to: Preben Nyløkken
[ reply ]