Home page logo

bugtraq logo Bugtraq mailing list archives

Dynix Webpac Input Validation
From: Wil Allsopp <rogueclient () yahoo co uk>
Date: Tue, 24 Aug 2004 14:45:57 +0100 (BST)

Package: Epixtech / Dynix Webpac
Date: 23/08/2004
Problem Class: Input validation
Advisory: Wil Allsopp
Email: straylight () technophreaks co uk
Vendor status: Informed but unresponsive

Webpac is a widely deployed library solutions system
(search google for webpac) that allows catalogue
services to be provided through a web interface.

The Epixtech / Dynix range of library solutions
software, most notably Webpac, contain numerous SQL
injection flaws. 

Why is this a problem?

Login bypass, command execution via stored procedures
and denial of service attacks against back end
databases. Both early and recent versions are

___________________________________________________________ALL-NEW Yahoo! Messenger - all new features - even more fun! 

  By Date           By Thread  

Current thread:
  • Dynix Webpac Input Validation Wil Allsopp (Aug 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]