lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041023153741.7995.qmail@www.securityfocus.com>
Date: 23 Oct 2004 15:37:41 -0000
From: Rene <l0om@...luded.org>
To: bugtraq@...urityfocus.com
Subject: dwc_articles possible sql injection




author: l0om     
site: www.excluded.org
product: dwc_articles <= 1.6  (maybe other versions too)
problem: possible sql injection



Vendor site?

www.distinctwebcreations.com
note:its currently down.


Vendor status?

Didnt find an email address or phon number.


what is it?

Dwc_Articles is an ASP application designed to add Featured, 
Recent and Popular News through an easy to use administration area. 
Other features: Design Packages, Add, Modify, Deactive through HTML/Wysiwyg Editor, 
Upload, Categories, Multiple Users and more. 


Where is the problem?

Nearly all scripts suffer from possible sql injections.
This may lead an attacker to change websites content or even worse- log in 
as an admin.


Workaround?

currently remove/rename the admin scripts might be a good idea.
iam sorry for no patch included, but i dont own the scripts.



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ