Home page logo
/

bugtraq logo Bugtraq mailing list archives

Aleris Software Systems Web Publisher Calendar SQL injection
From: Joseph.giron13 () gmail com
Date: 23 Oct 2007 22:04:48 -0000



http://www.alerisdata.com/articles/home.asp

There exists an SQL injection vulnerability within the calendar section of a Aleris Software Systems web publisher. It 
seems thats Aleris uses this same calendar with every site they make that utilizes the publisher.

www.example.com/calendar/page.asp?mode=1%20union%20all%20select%201,2,3,4,5,6%20FROM%20users--

I reported this to aleris and am awaiting a response. No fix yet.


  By Date           By Thread  

Current thread:
  • Aleris Software Systems Web Publisher Calendar SQL injection Joseph . giron13 (Oct 24)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]