DaffodilCRM.txt

2006-02-03T00:00:00
ID PACKETSTORM:43556
Type packetstorm
Reporter Preben Nylokken
Modified 2006-02-03T00:00:00

Description

                                        
`Daffodil CRM does not properly sanitize its inputs on the login page:  
  
http://www.SITE.com:8080/daffodilcrm/userlogin.jsp  
  
Therefore SQL-injection attacks are possible.  
PoC could be: 1'or'1'='1  
  
Vendor’s homepage is: http://www.daffodildb.com/crm/  
  
Please credit to: Preben Nyløkken  
`
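
Added example, not part of the original advisory and not Daffodil CRM code: a minimal login check showing why the quoted string above changes a concatenated query and why a parameterized query is unaffected. The table, column names, credentials and function names are constructed for illustration; the product's real schema and query are not given in the advisory.

```python
import sqlite3

POC = "1'or'1'='1"  # the string quoted in the advisory


def make_db():
    """Constructed in-memory user table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db


def concatenated_sql(name, password):
    # Vulnerable pattern: form values are pasted into the SQL text, so a
    # quote in the input closes the string literal and the remainder is
    # parsed as SQL syntax instead of data.
    return ("SELECT name FROM users WHERE name = '" + name +
            "' AND password = '" + password + "'")


def login_concatenated(db, name, password):
    return db.execute(concatenated_sql(name, password)).fetchone() is not None


def login_parameterized(db, name, password):
    # Hardened pattern: placeholders send the values separately from the
    # statement, so quotes in the input are compared as literal characters.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    # The WHERE clause ends in  ... OR '1'='1'  which is true for every row.
    print(concatenated_sql("admin", POC))
    print("concatenated, wrong password:", login_concatenated(db, "admin", "x"))
    print("concatenated, advisory string:", login_concatenated(db, "admin", POC))
    print("parameterized, advisory string:", login_parameterized(db, "admin", POC))
    print("parameterized, real password:",
          login_parameterized(db, "admin", "constructed-secret"))
```
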