by r0t, der4444, cembo, VietMafia

Thursday, November 24, 2005

IsolSoft Support Center SQL inj.

Vuln. discovered by: r0t
Date: 24 Nov. 2005
Affected version: Support Center v2.2 and prior

Vuln. Description:
Input passed to the "field" parameter and other sub parameters in "search.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


Edit the source code to ensure that input is properly sanitised.
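
One way such a fix can look, as an added example that is not Support Center's code and not from the original advisory. It assumes that "field" selects the column to search and that a hypothetical "q" parameter carries the search term; the table, column names and sample rows are constructed. A column name cannot be bound as a query parameter, so it is taken from an allow-list, while the term is bound.

```php
<?php
// Added example: hypothetical search handler, not IsolSoft Support Center code.
// Assumption: "field" names the column to search, "q" is the search term.

const SEARCHABLE = [            // allow-list: request value => real column name
    'subject' => 'subject',
    'body'    => 'body',
];

function search_tickets(PDO $db, array $params): array
{
    $field = $params['field'] ?? 'subject';
    if (!is_string($field) || !array_key_exists($field, SEARCHABLE)) {
        throw new InvalidArgumentException('unsupported search field');
    }
    // The identifier placed in the SQL text comes from our own table,
    // never from the request. Quote-escaping would not protect this position.
    $column = SEARCHABLE[$field];

    $term = $params['q'] ?? '';
    if (!is_string($term)) {
        throw new InvalidArgumentException('search term must be a string');
    }
    // Escape LIKE wildcards so the term is matched literally.
    $like = '%' . addcslashes($term, '\\%_') . '%';

    // The search term travels as a bound parameter, so it is only ever data.
    $stmt = $db->prepare("SELECT id, subject FROM tickets WHERE $column LIKE :term ESCAPE '\\'");
    $stmt->execute([':term' => $like]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tickets (id INTEGER PRIMARY KEY, subject TEXT, body TEXT)');
$db->exec("INSERT INTO tickets (subject, body) VALUES ('Login fails', 'Reset loop'), ('O''Brien account', 'Locked')");

print_r(search_tickets($db, ['field' => 'subject', 'q' => 'Login']));
// A term containing a quote is handled as plain data by the bound parameter.
print_r(search_tickets($db, ['field' => 'subject', 'q' => "O'Brien"]));
try {
    // A "field" value outside the allow-list never reaches the query text.
    search_tickets($db, ['field' => 'no_such_column', 'q' => 'x']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```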


Anonymous said...

Woohoo, awesome!!!!!

Really very good!!!!!

Very cool

2:17 AM



Copyright (c) 2006 Pridels Sec Crew