[<prev] [next>] [day] [month] [year] [list]
Message-ID: <99e73caa0706010445q7d01e05bsbc1c58475ea88aa7@mail.gmail.com>
Date: Fri, 1 Jun 2007 13:45:32 +0200
From: "MC Iglo" <mc.iglo@...glemail.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: static XSS / SQL-Injection in Omegasoft Insel
Input passed to fields in OmegaMw7's tables isn't properly sanitized
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site and/or inject SQL-Commands
This applies to many many standard fields in different tables
e.g. F05003, F05005, F05015
and to all user-created text fields using the form creator (you cannot
do it a different way)
kind regards
MC.Iglo
Powered by blists - more mailing lists