[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Voxsmart VoxRecord Control Centre - Blind SQLi and auth. bypass

To: Piotr Duszynski <piotr@xxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Voxsmart VoxRecord Control Centre - Blind SQLi and auth. bypass
From: Michele Orru <antisnatchor@xxxxxxxxx>
Date: Fri, 2 Dec 2011 14:20:33 +0100

Correction or not correction, this VoxSmart tool just sucks.
 How come they are vulnerable to auth bypass with or 1=1--???
 Hey, we're in 2012 (almost)...wake up

 ahaha

 Cheers
 antisnatchor

On Fri, Dec 2, 2011 at 10:58 AM, Piotr Duszynski <piotr@xxxxxxxxxxxx> wrote:
> Small correction regarding the time line of this disclosure:
>
> [Time-line]
> 14/11/2011 - Vendor notified
> 2/12/2011 - Vendor response
> ??? - Vendor patch release
> 30/11/2011 - Public disclosure
>
> Cheers, @drk1wi
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

-- 
/antisnatchor

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] Voxsmart VoxRecord Control Centre - Blind SQLi and auth. bypass
  - From: Piotr Duszynski

Prev by Date: Re: [Full-disclosure] Large password list
Next by Date: [Full-disclosure] Carrier IQ for your phone
Previous by thread: Re: [Full-disclosure] Voxsmart VoxRecord Control Centre - Blind SQLi and auth. bypass
Next by thread: [Full-disclosure] Carrier IQ for your phone
Index(es):
- Date
- Thread