Full Disclosure mailing list archives

Re: Voxsmart VoxRecord Control Centre - Blind SQLi and auth. bypass

From: Michele Orru <antisnatchor () gmail com>
Date: Fri, 2 Dec 2011 14:20:33 +0100

Correction or not correction, this VoxSmart tool just sucks.
 How come they are vulnerable to auth bypass with or 1=1--???
 Hey, we're in 2012 (almost)...wake up

 ahaha

 Cheers
 antisnatchor

On Fri, Dec 2, 2011 at 10:58 AM, Piotr Duszynski <piotr () duszynski eu> wrote:

Small correction regarding the time line of this disclosure:

[Time-line]
14/11/2011 - Vendor notified
2/12/2011 - Vendor response
??? - Vendor patch release
30/11/2011 - Public disclosure

Cheers, @drk1wi

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




-- 
/antisnatchor

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Voxsmart VoxRecord Control Centre - Blind SQLi and auth. bypass Piotr Duszynski (Dec 02)
- Re: Voxsmart VoxRecord Control Centre - Blind SQLi and auth. bypass Michele Orru (Dec 02)