|
Full Disclosure
mailing list archives
Full path disclosure and SQL Injection vulnerabilities in MC Content Manager
From: "MustLive" <mustlive () websecurity com ua>
Date: Sun, 23 Jan 2011 15:25:32 +0200
Hello list!
I want to warn you about Full path disclosure and SQL Injection
vulnerabilities in MC Content Manager.
-------------------------
Affected products:
-------------------------
Vulnerable are only not the latest versions of MC Content Manager.
----------
Details:
----------
Full path disclosure (WASC-13):
http://site/article.php?root=a
SQL Injection (WASC-19):
http://site/article.php?root=-1%20and%20version()=4
------------
Timeline:
------------
2010.11.16 - announced at my site.
2010.11.17 - informed developers.
2011.01.22 - disclosed at my site.
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/4687/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Full path disclosure and SQL Injection vulnerabilities in MC Content Manager MustLive (Jan 23)
| 
