Bugtraq mailing list archives

GOBBLES CGI MARATHON #002
From: "bugtraq" <bugtraq () bugtraq org>
Date: Tue, 25 Dec 2001 23:10:56 GMT

PRODUCT
*******
AdCycle
http://www.adcycle.com/

DESCRIPTION
***********
AdCycle is ad-rotating software written in the Perl language, which uses DBI
with the mysql driver to access the database.
AdCycle constructs very many SQL statements with data taken straight from
an untrusted source. Although in many cases it uses DBI quote(), it is still
possible in other cases to perform SQL injection attacks against the AdCycle
software to manipulate the server's database.

VENDOR NOTIFICATION
*******************
We notified the vendor about 40 minutes ago. No time to tap feet waiting.
This is a marathon.
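
The pattern the advisory describes, as an added example that is not part of the original post and is not AdCycle's code: the same lookup written with raw interpolation, with DBI quote(), and with a placeholder, run against a normal value and a value containing quote characters. The table, columns, function names and inputs are hypothetical, and it assumes DBD::SQLite (in-memory) in place of the mysql driver so that it runs offline.

```perl
#!/usr/bin/perl
# Added illustration: hypothetical schema and function names, not AdCycle code.
# Assumes DBI with DBD::SQLite (in-memory); the page's product uses the mysql
# driver, where the same DBI calls apply.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE ads (id INTEGER PRIMARY KEY, owner TEXT, url TEXT)');
$dbh->do('INSERT INTO ads (owner, url) VALUES (?, ?)', undef, @$_)
    for ['alice', 'http://a.example/'], ['bob', 'http://b.example/'];

# 1. Weak: request data interpolated straight into the statement text.
sub ads_interpolated {
    my ($owner) = @_;
    return $dbh->selectall_arrayref("SELECT id FROM ads WHERE owner = '$owner'");
}

# 2. Better: quote() escapes the value and adds the surrounding quotes, but
#    every call site has to remember it, which is the gap the advisory describes.
sub ads_quoted {
    my ($owner) = @_;
    my $q = $dbh->quote($owner);
    return $dbh->selectall_arrayref("SELECT id FROM ads WHERE owner = $q");
}

# 3. Hardened: placeholder; the value never becomes part of the SQL text.
sub ads_placeholder {
    my ($owner) = @_;
    return $dbh->selectall_arrayref(
        'SELECT id FROM ads WHERE owner = ?', undef, $owner);
}

# Constructed inputs: a normal value, and one containing SQL metacharacters.
for my $input ('alice', q{nobody' OR '1'='1}) {
    for my $case ([interpolated => \&ads_interpolated],
                  [quoted       => \&ads_quoted],
                  [placeholder  => \&ads_placeholder]) {
        my ($name, $fn) = @$case;
        my $rows = eval { $fn->($input) };
        printf "%-12s input=%-20s rows=%s\n", $name, "[$input]",
               defined $rows ? scalar @$rows : "error: $@";
    }
}
```

Only the interpolated form lets the second input change which rows match; the quoted and placeholder forms treat it as a literal owner name.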
