Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: ZH2004-14SA (security advisory):Sql Injection in Infinity WEB

ZH2004-14SA (security advisory):Sql Injection in Infinity WEB

From: D'Amato Luigi <admin_at_securitywireless.info>
Date: Sun, 27 Jun 2004 11:39:57 +0100

06/27/2004

Vendor contacted: June 1st 2004
Published: June 26th 2004
Title: Infinity WEB
Vulnerable versions :1.0 unpatched

Type: Sql Injection

Author: D'Amato Luigi from Zone-h Security Labs -
securitywireless_at_zone-h.it - admin_at_securitywireless.info

Vendor: http://www.websoft.it/

Description

**********
Zone-H Security Team has discovered a security flaw in Infinity WEB . This
vulnerability could allow malicious attackers to bypass the authentication
mechanish without having an account.

Details

********************************************

Due to an improper login validation in the login page it is possible to
bypass the authentication mechanism

Solution

**********

The vendor has been contacted and has released a patch

---

D'Amato Luigi from Zone-h Security Labs -
securitywireless_at_zone-h.it -
admin_at_securitywireless.info
Admin Security Wireless
http://www.securitywireless.info

http://www.zone-h.org/en/advisories/read/id=4892/
Received on Jun 28 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos