|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
static XSS / SQL-Injection in Omegasoft Insel
From: MC Iglo (mc.iglo
googlemail.com)
Date: Fri Jun 01 2007 - 06:45:32 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Input passed to fields in OmegaMw7's tables isn't properly sanitized
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected site and/or inject SQL-Commands
This applies to many many standard fields in different tables
e.g. F05003, F05005, F05015
and to all user-created text fields using the form creator (you cannot
do it a different way)
kind regards
MC.Iglo
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]