
SSCHADV2011-039 - Meditate Web Content Editor 'username_input' SQL-Injection vulnerability

Advisory: Meditate Web Content Editor ‘username_input’ SQL-Injection vulnerability
Advisory ID: SSCHADV2011-039
Author: Stefan Schurtz
Affected Software: Successfully tested on Meditate 1.2
Vendor URL:
Vendor Status: fixed
EDB-ID: 18202
 
======================
Vulnerability Description:
======================
 
Meditate Web Content Editor is prone to a SQL-Injection vulnerability
 

HAKIN9 IT Security Magazin - 12/2011

Well, here is my next article for the German HAKIN9 IT Security Magazin. This time it’s about Web-Security and it holds three examples (XSS, SQL-Injection and Blind SQL-Injection) of how to identify and fix vulnerabilities in web applications. Tools used for this one are Netsparker Community Edition from mavitunasecurity, Arachni and sqlmap.
 
And of course not to forget, a big special THANKS to Dr. Philip Walter for his great support!
 
Well, enough of the words, here are the links: HAKIN9 IT Security Magazin – 12/2011 or here
 
Enjoy yourself!

SSCHADV2011-031 - Yet Another CMS 1.0 SQL Injection & XSS vulnerabilities

Advisory: Yet Another CMS 1.0 SQL Injection & XSS vulnerabilities
Advisory ID: SSCHADV2011-031
Author: Stefan Schurtz
Affected Software: Successfully tested on Yet Another CMS 1.0
Vendor URL:
Vendor Status: informed
EDB-ID: 17997
 
======================
Vulnerability Description:
======================
 
Yet Another CMS 1.0 is prone to multiple SQL Injection and XSS vulnerabilities
 

SSCHADV2011-030 - Site@School SQL Injection & XSS vulnerabilities

Advisory: Site@School 2.4.10 SQL Injection & XSS vulnerabilities
Advisory ID: SSCHADV2011-030
Author: Stefan Schurtz
Affected Software: Successfully tested on Site@School 2.4.10
Vendor URL:
Vendor Status: insecure and no longer maintained
CVE-ID: -
 
======================
Vulnerability Description:
======================
 
Site@School is prone to multiple SQL Injection and XSS vulnerabilities
 

SSCHADV2011-027 - KaiBB 2.0.1 XSS and SQL Injection vulnerabilities

Advisory: KaiBB 2.0.1 XSS and SQL Injection vulnerabilities
Advisory ID: SSCHADV2011-027
Author: Stefan Schurtz
Affected Software: Successfully tested on KaiBB 2.0.1
Vendor URL:
Vendor Status: informed
CVE-ID: -
 
======================
Vulnerability Description:
======================

KaiBB 2.0.1 is prone to XSS and SQL Injection vulnerabilities
 

SSCHADV2011-026 - openEngine 2.0 'key' Blind SQL Injection vulnerability

Advisory: openEngine 2.0 ‘key’ Blind SQL Injection vulnerability
Advisory ID: SSCHADV2011-026
Author: Stefan Schurtz
Affected Software: Successfully tested on openEngine 2.0 100226
Vendor URL:
Vendor Status: informed
CVE-ID: -
 
======================
Vulnerability Description
======================

The ‘key’ parameter in openEngine 2.0 is prone to a Blind SQL Injection
 