Full Disclosure mailing list archives

Tyger Bug Tracking System Multiple Vulnerability


From: <corrado.liotta () alice it>
Date: Sat, 3 Mar 2007 18:39:06 +0100

-=[--------------------ADVISORY-------------------]=-
                                              
            Tyger Bug Tracking System     
                                               
  Author: CorryL    [corryl80 () gmail com]   
-=[-----------------------------------------------]=-


-=[+] Application:    Tyger Bug Tracking System
-=[+] Version:        1.1.3
-=[+] Vendor's URL:   http://uk.homeunix.org/tyger/cms/
-=[+] Platform:       Windows\Linux\Unix
-=[+] Bug type:       Cross-Site Scripting\SQL injection
-=[+] Exploitation:   Remote
-=[-]
-=[+] Author:           CorryL  ~ corryl80[at]gmail[dot]com ~
-=[+] Reference:       www.xoned.net
-=[+] Virtual Office:  http://www.kasamba.com/CorryL
-=[+] Irc Chan:         irc.darksin.net #x0n3-h4ck        


..::[ Description ]::..

Tyger Bug tracking software has been designed and 
developed for individuals or groups of software developers 
to manage software development better. 
By using Tyger, teams of developers are able to communicate far better 
with fellow developers or end users, which ultimately improves the quality of 
your software project or product.




..::[ Proof Of Concept ]::..

[Sql injection]

http://remote_server/ViewBugs.php?s=[sql]&o=ASC


[Xss]

http://remote_server/Login.php/>">[XSS]

http://remote_server/Register.php/>">[XSS]



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
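
Added example, not part of the advisory and not Tyger's own code: one way to handle both bug classes on the server side in PHP. It assumes that `s` selects a sort column and `o` a sort direction in ViewBugs.php, and that Login.php and Register.php write the request path into their HTML; the advisory states neither. The column names and function names are hypothetical.

```php
<?php
// Added example, not Tyger code. Column names and the meaning of s/o are assumptions.
const SORT_COLUMNS = [           // request value => fixed SQL identifier (hypothetical)
    'id'     => 'bug_id',
    'title'  => 'title',
    'status' => 'status',
];

// Identifiers and keywords cannot be bound as query parameters, so the
// request value only selects among fixed strings and never reaches the SQL text.
function build_order_by(array $query): string
{
    $s = $query['s'] ?? 'id';
    $o = $query['o'] ?? 'ASC';
    $column = (is_string($s) && array_key_exists($s, SORT_COLUMNS))
        ? SORT_COLUMNS[$s]
        : SORT_COLUMNS['id'];
    $direction = (is_string($o) && strtoupper($o) === 'DESC') ? 'DESC' : 'ASC';
    return "ORDER BY {$column} {$direction}";
}

// Escape for HTML text and quoted attribute values.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// SCRIPT_NAME omits the path info that follows "Login.php/", unlike PHP_SELF;
// it is still escaped before it is written into the page.
function form_action(array $server): string
{
    return h($server['SCRIPT_NAME'] ?? '');
}

// Constructed sample requests.
$queries = [
    ['s' => 'title', 'o' => 'desc'],   // known column, valid direction
    ['s' => "title'", 'o' => 'ASC'],   // not in the allowlist
    ['s' => ['x'], 'o' => 'sideways'], // wrong type, unknown direction
];
foreach ($queries as $q) {
    echo build_order_by($q), PHP_EOL;
}
$server = ['SCRIPT_NAME' => '/Login.php', 'PHP_SELF' => '/Login.php/>"><b>'];
echo form_action($server), PHP_EOL;   // path info is not included
echo h($server['PHP_SELF']), PHP_EOL; // markup characters become entities
```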
