Computer Security

Security Advisory: [Aria-Security Team] DuWare DuPortal SQL Injection Vuln
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [ISecAuditors Security Advisories] IMAP/SMTP Injection in Hastymail

  new xss in modbb forum

  XSS in JAB Guest Book

  Multiple bugs in TFT-Gallery

From:Advisory_(at)_Aria-Security.net <Advisory_(at)_Aria-Security.net>
Date:05.12.2006
Subject:[Aria-Security Team] DuWare DuPortal SQL Injection Vuln

#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#Original Advisory:
#http://www.aria-security.com/forum/showthread.php?t=63
#-----------------------------------------------------------
#Software: DuPortal Pro 3.4
#Method: SQL Injection
#Vendor: http://duware.com
#
#PoC:
#http://target/DUportalPro34Demo/Pictures/default.
asp?iChannel=1&nChannel=[SQL Injection]
#http://target/DUportalPro34Demo/Pictures/default.asp?iChannel=[SQL Injection]
#http://target/DUportalPro34Demo/Files/cat.asp?iCat=[SQL Injection]
#http://target/DUportalPro34Demo/Files/cat.asp?iCat=202&iChannel=[SQL Injection]
#
#Contact: Advisory@aria-security.net
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru