Daffodil CRM - vulnerable to SQL-injection.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Daffodil CRM - vulnerable to SQL-injection.
From: preben@xxxxxxxxxxx
Date: 30 Jan 2006 21:42:23 -0000

Daffodil CRM does not properly sanities it's input?s on the login page;

http://www.SITE.com:8080/daffodilcrm/userlogin.jsp

Therefore SQL-injection attacks are possible.
PoC could be: 1'or'1'='1

Vendor?s homepage is: http://www.daffodildb.com/crm/

Please credit to: Preben Nyløkken

Prev by Date: Fcrontab - memory corruption on heap.
Next by Date: [ MDKSA-2006:028 ] - Updated php packages fix XSS and response splitting vulnerabilities
Previous by thread: Fcrontab - memory corruption on heap.
Next by thread: [ MDKSA-2006:028 ] - Updated php packages fix XSS and response splitting vulnerabilities
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux