[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] BitDefender | World Wide Pay - SQL Injection / LFI / XSS

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] BitDefender | World Wide Pay - SQL Injection / LFI / XSS
From: Schap Security <schap.security@xxxxxxxxx>
Date: Wed, 3 Jun 2009 01:59:55 +0530

Hi
The bit defender sql injection is re stated again. A severe sql injection
has been noticed in the bitdefender [ir] website. It
is possible to extract all records from the system.

The world wide pay website suffers from local file inclusion and cross site
scripting.

For proof of concept:

http://schap.org/advisories.html

There vulnerabilities are reported but no generic response from vendor.

Kind Regards

SCHAP
http://www.schap.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] CORE-2009-0420 - Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability
Next by Date: [Full-disclosure] [SECURITY] [DSA 1810-1] New libapache-mod-jk packages fix information disclosure
Previous by thread: [Full-disclosure] CORE-2009-0420 - Apple CUPS IPP_TAG_UNSUPPORTED Handling null pointer Vulnerability
Next by thread: [Full-disclosure] [SECURITY] [DSA 1810-1] New libapache-mod-jk packages fix information disclosure
Index(es):
- Date
- Thread