Bugtraq mailing list archives

Re: jara 1.6 sql injection vulnerability

From: Henri Salo <henri () nerv fi>
Date: Fri, 28 Oct 2011 10:12:37 +0300

On Sun, Oct 23, 2011 at 01:06:07AM +0200, muuratsalo experimental hack lab wrote:

jara 1.6 sql injection vulnerability

download  http://sourceforge.net/projects/jara/files/v1.6/jarav16.zip

author      muuratsalo
contact     muuratsalo[at]gmail.com

exploit
http://localhost/jara/view.php?id=[SQL Injection]


Still not fixed. Tried to contact vendor via email (as did muuratsalo) without any luck.

http://sourceforge.net/tracker/?func=detail&aid=3428075&group_id=294500&atid=1243901

Best regards,
Henri Salo

Current thread:

jara 1.6 sql injection vulnerability muuratsalo experimental hack lab (Oct 24)
- Re: jara 1.6 sql injection vulnerability Henri Salo (Oct 25)
- Re: jara 1.6 sql injection vulnerability Henri Salo (Oct 28)