Bugtraq mailing list archives
Daffodil CRM - vulnerable to SQL-injection.
From: preben () watchcom no
Date: 30 Jan 2006 21:42:23 -0000
Daffodil CRM does not properly sanities it's inputs on the login page; http://www.SITE.com:8080/daffodilcrm/userlogin.jsp Therefore SQL-injection attacks are possible. PoC could be: 1'or'1'='1 Vendors homepage is: http://www.daffodildb.com/crm/ Please credit to: Preben Nyløkken
Current thread:
- Daffodil CRM - vulnerable to SQL-injection. preben (Jan 30)