Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

ZH2004-14SA (security advisory):Sql Injection in Infinity WEB

From: "D'Amato Luigi" <admin () securitywireless info>
Date: Sun, 27 Jun 2004 11:42:25 +0100
06/27/2004
 
Vendor contacted: June 1st 2004
Published: June 26th 2004 
Title: Infinity WEB 
Vulnerable versions :1.0 unpatched 

Type: Sql Injection 

Author: D'Amato Luigi from Zone-h Security Labs - securitywireless () zone-h it - admin () securitywireless info 

Vendor: http://www.websoft.it/ 


Description 

**********
Zone-H Security Team has discovered a security flaw in Infinity WEB . This vulnerability could allow malicious 
attackers to bypass the authentication mechanish without having an account. 

Details 

******************************************** 

Due to an improper login validation in the login page it is possible to bypass the authentication mechanism 

Solution 

********** 

The vendor has been contacted and has released a patch 


--- 

D'Amato Luigi from Zone-h Security Labs - 
securitywireless () zone-h it - 
admin () securitywireless info
Admin Security Wireless
http://www.securitywireless.info


 
http://www.zone-h.org/en/advisories/read/id=4892/
Previous By Date Next
Previous By Thread Next

Current thread: