[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Aleris Software Systems Web Publisher Calendar SQL injection
From:       Joseph.giron13 () gmail ! com
Date:       2007-10-23 22:04:48
Message-ID: 20071023220448.30371.qmail () securityfocus ! com
[Download RAW message or body]



http://www.alerisdata.com/articles/home.asp

There exists an SQL injection vulnerability within the calendar section of a Aleris \
Software Systems web publisher. It seems thats Aleris uses this same calendar with \
every site they make that utilizes the publisher.

www.example.com/calendar/page.asp?mode=1%20union%20all%20select%201,2,3,4,5,6%20FROM%20users--


I reported this to aleris and am awaiting a response. No fix yet.


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic