Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Daffodil CRM - vulnerable to SQL-injection.

From: preben () watchcom no
Date: 30 Jan 2006 21:42:23 -0000
Daffodil CRM does not properly sanities it's input’s on the login page;

http://www.SITE.com:8080/daffodilcrm/userlogin.jsp

Therefore SQL-injection attacks are possible.
PoC could be: 1'or'1'='1

Vendor’s homepage is: http://www.daffodildb.com/crm/

Please credit to: Preben Nyløkken
Previous By Date Next
Previous By Thread Next

Current thread: