The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Daffodil CRM - vulnerable to SQL-injection.


<< Previous INDEX Search src / Print Next >>
Date: 30 Jan 2006 21:42:23 -0000
From: preben@watchcom.no
To: bugtraq@securityfocus.com
Subject: Daffodil CRM - vulnerable to SQL-injection.
X-Virus-Scanned: antivirus-gw at tyumen.ru

Daffodil CRM does not properly sanities it's input▓s on the login page;

http://www.SITE.com:8080/daffodilcrm/userlogin.jsp

Therefore SQL-injection attacks are possible.
PoC could be: 1'or'1'='1

Vendor▓s homepage is: http://www.daffodildb.com/crm/

Please credit to: Preben NylЬkken


<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2025 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру