aleris-sql.txt

aleris-sql.txt: Posted Oct 25, 2007; Authored by Joseph Giron; The calendar section of Aleris Software Systems is vulnerable to SQL injection attacks.; tags | exploit, sql injection; SHA-256 | 394a23b4c354be7744741be4da6eb6a53556c1c79698b1c9077efe03a8dee658; Download | Favorite | View

aleris-sql.txt



http://www.alerisdata.com/articles/home.asp

There exists an SQL injection vulnerability within the calendar section of a Aleris Software Systems web publisher. It seems thats Aleris uses this same calendar with every site they make that utilizes the publisher.

www.example.com/calendar/page.asp?mode=1%20union%20all%20select%201,2,3,4,5,6%20FROM%20users--

I reported this to aleris and am awaiting a response. No fix yet.

Top Authors In Last 30 Days

Red Hat 308 files
Ubuntu 67 files
Debian 24 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,133)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,177)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,160)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,495)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,025)
UNIX (9,482)
UnixWare (188)
Windows (6,786)
Other

aleris-sql.txt

aleris-sql.txt

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

aleris-sql.txt

Share This

aleris-sql.txt

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems