|
Full Disclosure
mailing list archives
BitDefender | World Wide Pay - SQL Injection / LFI / XSS
From: Schap Security <schap.security () gmail com>
Date: Wed, 3 Jun 2009 01:59:55 +0530
Hi
The bit defender sql injection is re stated again. A severe sql injection
has been noticed in the bitdefender [ir] website. It
is possible to extract all records from the system.
The world wide pay website suffers from local file inclusion and cross site
scripting.
For proof of concept:
http://schap.org/advisories.html
There vulnerabilities are reported but no generic response from vendor.
Kind Regards
SCHAP
http://www.schap.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- BitDefender | World Wide Pay - SQL Injection / LFI / XSS Schap Security (Jun 02)
| 
