Full Disclosure mailing list archives
BitDefender | World Wide Pay - SQL Injection / LFI / XSS
From: Schap Security <schap.security () gmail com>
Date: Wed, 3 Jun 2009 01:59:55 +0530
Hi The bit defender sql injection is re stated again. A severe sql injection has been noticed in the bitdefender [ir] website. It is possible to extract all records from the system. The world wide pay website suffers from local file inclusion and cross site scripting. For proof of concept: http://schap.org/advisories.html There vulnerabilities are reported but no generic response from vendor. Kind Regards SCHAP http://www.schap.org
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- BitDefender | World Wide Pay - SQL Injection / LFI / XSS Schap Security (Jun 02)