|
|
|
>>
VUPEN Security / Public Mailing Lists Mirror |
Assigned : VUPEN/ADV-2006-0412
From : preben at watchcom.no
Subject : Daffodil CRM - vulnerable to SQL-injection.
Date : 2006-02-02
Original Message
Daffodil CRM does not properly sanities it's input’s on the login page;
http://www.SITE.com:8080/daffodilcrm/userlogin.jsp
Therefore SQL-injection attacks are possible.
PoC could be: 1'or'1'='1
Vendor’s homepage is: http://www.daffodildb.com/crm/
Please credit to: Preben Nyløkken
Disclaimer : VUPEN Security does not endorse the content of this
message submitted by others to public mailinglists. Messages submitted to public
mailinglists do not necessarily reflect the opinions or policies of VUPEN Security.
VUPEN Security makes no warranties, express or implied, as to the content of the message
in this page or the accuracy and reliability of any messages and other materials
submitted to public mailinglists. Any questions or comments regarding this page
should be sent to
team@vupen.com
|
|
|
|
|
|
Monthly Statistics |
 |
|
|
|
| |
|
Try VUPEN
VNS |
 |
|
 |
|
| |
|
 |
| |
|
|
|
|
