 | ||||
| << Previous | INDEX | Search | src / Print | Next >> |
| ||||
| |||||||||||||||
Date: 30 Jan 2006 21:42:23 -0000 From: [email protected] To: [email protected] Subject: Daffodil CRM - vulnerable to SQL-injection. X-Virus-Scanned: antivirus-gw at tyumen.ru Daffodil CRM does not properly sanities it's input’s on the login page; http://www.SITE.com:8080/daffodilcrm/userlogin.jsp Therefore SQL-injection attacks are possible. PoC could be: 1'or'1'='1 Vendor’s homepage is: http://www.daffodildb.com/crm/ Please credit to: Preben Nyløkken
| |||||||||||||||
|
úÁËÌÁÄËÉ ÎÁ ÓÁÊÔÅ ðÒÏÓÌÅÄÉÔØ ÚÁ ÓÔÒÁÎÉÃÅÊ |
Created 1996-2025 by Maxim Chirkov äÏÂÁ×ÉÔØ, ðÏÄÄÅÒÖÁÔØ, ÷ÅÂÍÁÓÔÅÒÕ |