Full Disclosure mailing list archives
Amiro.CMS <= 5.4.4 SQL inj
From: Владимир Воронцов <vladimir.vorontsov () onsec ru>
Date: Thu, 22 Apr 2010 09:52:26 +0400
In the system of site management Amiro.CMS found a critical vulnerability introduction operators database. The vulnerability allows an attacker, in particular, to compromise a target system, gain administrative access. Vulnerability has been discovered introduction of operators database at user registration. An attacker can fill in the "signature in the forum" with special data and affect the structure of the query to the DBMS. Information about the request not be displayed on the screen, thus possibly conduct "blind" injections in order to obtain data or injections in order to displace the data. Injection takes place in the operator database INSERT. Further details were not disclosed at the request of the developer. Original at Russian: http://onsec.ru/vuln?id=20 -- Best regards, Vladimir Vorontsov ONsec security expert _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Amiro.CMS <= 5.4.4 SQL inj Владимир Воронцов (Apr 21)
- Re: Amiro.CMS <= 5.4.4 SQL inj Henri Salo (Apr 22)
- Message not available
- Re: Amiro.CMS <= 5.4.4 SQL inj Henri Salo (Apr 22)
- Message not available
- Re: Amiro.CMS <= 5.4.4 SQL inj Henri Salo (Apr 22)