exploits , vulnerabilities , articles , Aenovo Multiple SQL Injection Vulnerabilities

Title	Aenovo Multiple SQL Injection Vulnerabilities
Published	2005-10-07-12:00AM
Updated	2005-10-17-02:51PM
Class	Input Validation Error
CVE	CVE-MAP-NOMATCH
Remote	Yes
Local	No
Credit	Farhad Koosha & Devil_box are credited with the discovery of this vulnerability.
Vulnerable	aeNovo aeNovoWYSI aeNovo aeNovoShop aeNovo aeNovo
Not Vulnerable
Code	No exploit is required. An HTML proof of concept is available: <html> <h1>Aenovo Login-Bypass PoC - Kapda `s advisory </h1> <p> Discovery and exploit by farhadkey [at} kapda.ir</p> <p><a href="http://www.kapda.ir/"> Kapda - Security Science Researchers Institute of Iran</a></p> <form method="POST" action="http://www.example.com/user/control.asp"> <input type="hidden" name="password" value="[SQL Injection]" > <input type="submit" value="Submit" name="B1"> <input type="hidden" name="test" value="1"> </form></html> Other proof of concept URI are also available: AeNovo :Lists username and password of administrators http://www.example.com/search.asp?strSQL=[SQL Injection] AeNovoShop:Lists username and password of administrators http://www.example.com/search.asp?strSQL=[SQL Injection] AeNovoWYSI:Lists username and password of administrators http://www.example.com/search.asp?strSQL=[SQL Injection]
TXT

Vulnerabilities - newest 10 RSS | More

2009-12-18 Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
2009-12-18 Mozilla Firefox CVE-2009-3982 JavaScript Engine Multiple Remote Memory Corruption Vulnerabilities
2009-12-17 Zen Cart Insecure File and Programs Information Disclosure and Database Deletion Vulnerability
2009-12-17 Winamp Module Decoder Plugin Multiple Buffer Overflow Vulnerabilities
2009-12-17 Winamp JPEG and PNG Multiple Integer Overflow Vulnerabilities
2009-12-17 HP OpenView Storage Data Protector Stack Buffer Overflow Vulnerability
2009-12-17 IBM WebSphere Application Server Feature Pack for CEA Spoofing Vulnerability
2009-12-17 Digital Scribe Cross Site Scripting and SQL Injection Vulnerabilities
2009-12-17 WP-Forum WordPress Plugin Multiple SQL Injection Vulnerabilities
2009-12-17 Quick Heal AntiVirus Insecure Program File Permissions Local Privilege Escalation Vulnerability

SECURITY RSS FEEDS

Advertising

Copyright 2007, SecurityDot
Fri, 18 Dec 2009 13:38:41 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
perevrsius PHP Advanc linux ptra free sex c getright SSH 2.0 4 blue film Visual Bas log4j vulnerabil www.trish all cartoo www.thudam blue film nexustk 200 /compo http://bus boobs porn search/exp www.yblj.c news for c linux 2.0 tito sanak sexy viedo Linux Kern Videos+jue www.sex.ty Hot.Wallpa php-nuke 2 donne nude 1.5.7.1 bb rss to blo Www iranse www.celebr www.3dyuce sexy girrl search%252 www.qnwan. zeher Bollywood www.qyxian Naruto ***rape sexy girl Selebrity http://www hot fat wo 200 /compo Www.desiba tjxzs.com.