[ZendTo] Re: Zendto is vulnerable for SQL-Injection
Jules
Jules at Zend.To
Tue May 17 09:43:19 BST 2011
Very good, but exactly what was the process you or it used to achieve this?
I thought I had spotted all the points where this was possible, but
obviously missed one!
Without more details, there's little I can do about it. Which is
obviously not what we both want.
So please send me some more useful information.
Many thanks,
Jules.
On 17/05/2011 08:59, patrick.gaikowski at kaufland.com wrote:
>
> Hi @ all,
>
> i tried to audit zendto with parosproxy (www.parosproxy.org) and found
> out that zendto is vulnerable for SQL-injection. The proxy manipulates
> the claimid and claimpasscode and could blow up the database with
> dropoffs!
>
--
Julian Field MEng CITP CEng
www.Zend.To
Follow me at twitter.com/JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
'All programs have a desire to be useful' - Tron, 1982
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20110517/139d93ba/attachment.html
More information about the ZendTo
mailing list