[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
omnistar article manager [multiples injection sql]
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: omnistar article manager [multiples injection sql]
- From: saps.audit@xxxxxxxxx
- Date: 8 Nov 2006 22:46:44 -0000
vendor site:http://www.omnistararticle.com/
product :omnistar article manager
bug:injection sql
risk : high
path:
/articles/comments.php?article_id='[sql]
/articles/article.php?op=save&article_id='[sql]
/articles/pages.php?page_id='[sql]
laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@xxxxxxxxx