BitDefender | World Wide Pay - SQL Injection / LFI / XSS

[Schap Security <schap.security () gmail com>]

Hi
The bit defender sql injection is re stated again. A severe sql injection
has been noticed in the bitdefender [ir] website. It
is possible to extract all records from the system.

The world wide pay website suffers from local file inclusion and cross site
scripting.

For proof of concept:

http://schap.org/advisories.html

There vulnerabilities are reported but no generic response from vendor.

Kind Regards

SCHAP
http://www.schap.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/