by r0t,der4444,cembo,VietMafia

Monday, November 14, 2005

SQL injection in 3CFR


Author: r0t (hackers.by.lv)
Date: 14. Nov 2005
Software: 3CFR
Vendor: http://www.3cfr.com/

Software description:
3CFR solutions are dedicated to professional web sites creation and hosting. Especially designed for beginners wishing to get a professional showcase on Internet, 3CFR solutions offer a wide range of custom-made add-ons (newsletter, diary,...) for your website creation, hosting and updating.
Our user friendly solutions only need an Internet connection and no special skill in the Internet field. They will allow your company to create simply and quickly a dynamic web site.


Vulnerability Description

Input passed to the "LangueID" parameter in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
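
The pattern described above, next to a hardened form, as an added example that is not 3CFR code and not part of the original advisory. The `pages` table, its columns, the function names and the sample rows are assumptions made for illustration; it runs against an in-memory SQLite database through PDO.

```php
<?php
declare(strict_types=1);

// Added example, not 3CFR source. Schema, names and rows are constructed.
// Requires the pdo_sqlite extension.
function demoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, langue_id INTEGER, title TEXT)');
    $db->exec("INSERT INTO pages (langue_id, title) VALUES (1, 'Accueil'), (2, 'Home'), (2, 'Contact')");
    return $db;
}

// Pattern the advisory describes: the request value becomes part of the SQL text.
function pagesUnsafe(PDO $db, string $langueId): array
{
    $sql = 'SELECT title FROM pages WHERE langue_id = ' . $langueId;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: accept only a positive integer, then bind it as a typed parameter.
function pagesSafe(PDO $db, string $langueId): array
{
    $id = filter_var($langueId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('LangueID must be a positive integer');
    }
    $stmt = $db->prepare('SELECT title FROM pages WHERE langue_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = demoDb();
foreach (['2', '2 OR 1=1'] as $input) { // constructed LangueID values
    echo "LangueID=$input\n";
    echo '  concatenated: ' . implode(', ', pagesUnsafe($db, $input)) . "\n";
    try {
        echo '  bound:        ' . implode(', ', pagesSafe($db, $input)) . "\n";
    } catch (InvalidArgumentException $e) {
        echo '  bound:        rejected (' . $e->getMessage() . ")\n";
    }
}
```

With the concatenated query the second input changes the WHERE clause and returns rows for every language; the validated, bound version rejects it before any SQL is executed.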

PS. Nothing special; with 3 minutes of research I found this, so there can be more vulns. I didn't download that software.

Copyright (c) 2006 Pridels Sec Crew