[Full-disclosure] BitDefender | World Wide Pay - SQL Injection / LFI / XSS
Schap Security
schap.security at gmail.com
Tue Jun 2 21:29:55 BST 2009
Hi
The bit defender sql injection is re stated again. A severe sql injection
has been noticed in the bitdefender [ir] website. It
is possible to extract all records from the system.
The world wide pay website suffers from local file inclusion and cross site
scripting.
For proof of concept:
http://schap.org/advisories.html
There vulnerabilities are reported but no generic response from vendor.
Kind Regards
SCHAP
http://www.schap.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090603/375dab3a/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.