ID 1337DAY-ID-9965 Type zdt Reporter Bernardo Trigo Modified 2009-11-03T00:00:00
Description
Exploit for unknown platform in category web applications
==================================
Xerox Fiery Webtools SQL Injection
==================================
Hello i am from portugal and i would like to report a new
vulnerability in Xerox Fiery Webtools. The probleam is in /wt3/
summary.php?select= if you and ' you have the possibility to exploit
this condition to inject SQL code.
Already have contact the vendor
best regards
Bernardo Trigo
Qualidade e Seguran�a
Centro de Inform�tica Prof. Correia de Ara�jo (CICA)
Faculdade de Engenharia da Universidade do Porto (FEUP)
AVISO LEGAL
Esta mensagem � confidencial e dirigida apenas ao destinat�rio. Se a
recebeu por erro solicitamos que o comunique ao remetente e a elimine
assim como qualquer documento anexo. N�o h� ren�ncia �
confidencialidade nem a nenhum privil�gio devido a erro de transmiss�o.
Qualquer opini�o expressa nesta mensagem pertence unicamente ao autor
remetente, e n�o representa necessariamente a opini�o a n�o ser que
expressamente se diga que o remetente est� autorizado para o efectuar.
DISCLAIMER
This message is confidential and intended exclusively for the
addressee. If you received this message by mistake please inform the
sender and delete the message and attachments. No confidentiality nor
any privilege regarding the information is waived or lost by any
mistransmission.
Any views or opinions contained in this message are solely those of
the author, and do not necessarily represent , unless specifically
stated and the sender is authorized to do so.
# 0day.today [2018-04-12] #
{"published": "2009-11-03T00:00:00", "id": "1337DAY-ID-9965", "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Exploit for unknown platform in category web applications", "enchantments": {"score": {"value": 0.7, "vector": "NONE", "modified": "2018-04-12T23:57:58", "rev": 2}, "dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:AUXILIARY/SCANNER/HTTP/EPMP1000_WEB_LOGIN", "MSF:AUXILIARY/SCANNER/UBIQUITI/UBIQUITI_DISCOVER", "MSF:AUXILIARY/SCANNER/HTTP/FORTINET_SSL_VPN", "MSF:EXPLOIT/MULTI/MYSQL/MYSQL_UDF_PAYLOAD", "MSF:POST/WINDOWS/MANAGE/ARCHMIGRATE", "MSF:EXPLOIT/MULTI/HTTP/ATUTOR_SQLI", "MSF:AUXILIARY/SCANNER/REDIS/REDIS_LOGIN", "MSF:POST/WINDOWS/MANAGE/ROLLBACK_DEFENDER_SIGNATURES", "MSF:POST/WINDOWS/MANAGE/FORWARD_PAGEANT", "MSF:EXPLOIT/WINDOWS/LOCAL/BYPASSUAC_EVENTVWR"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310141021"]}, {"type": "exploitdb", "idList": ["EDB-ID:38345"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:B4CD5FFF3A0DA1DC3CAA1BE6B657FBFF"]}], "modified": "2018-04-12T23:57:58", "rev": 2}, "vulnersScore": 0.7}, "type": "zdt", "lastseen": "2018-04-12T23:57:58", "edition": 2, "title": "Xerox Fiery Webtools SQL Injection", "href": "https://0day.today/exploit/description/9965", "modified": "2009-11-03T00:00:00", "bulletinFamily": "exploit", "viewCount": 5, "cvelist": [], "sourceHref": "https://0day.today/exploit/9965", "references": [], "reporter": "Bernardo Trigo", "sourceData": "==================================\r\nXerox Fiery Webtools SQL Injection\r\n==================================\r\n\r\nHello i am from portugal and i would like to report a new \r\nvulnerability in Xerox Fiery Webtools. The probleam is in /wt3/\r\nsummary.php?select= if you and ' you have the possibility to exploit \r\nthis condition to inject SQL code.\r\n \r\nAlready have contact the vendor\r\n \r\nbest regards\r\n \r\nBernardo Trigo\r\n \r\nQualidade e Seguran�a\r\nCentro de Inform�tica Prof. Correia de Ara�jo (CICA)\r\nFaculdade de Engenharia da Universidade do Porto (FEUP)\r\n \r\nAVISO LEGAL\r\n \r\nEsta mensagem � confidencial e dirigida apenas ao destinat�rio. Se a \r\nrecebeu por erro solicitamos que o comunique ao remetente e a elimine \r\nassim como qualquer documento anexo. N�o h� ren�ncia � \r\nconfidencialidade nem a nenhum privil�gio devido a erro de transmiss�o.\r\nQualquer opini�o expressa nesta mensagem pertence unicamente ao autor \r\nremetente, e n�o representa necessariamente a opini�o a n�o ser que \r\nexpressamente se diga que o remetente est� autorizado para o efectuar.\r\n \r\n \r\n \r\nDISCLAIMER\r\n \r\nThis message is confidential and intended exclusively for the \r\naddressee. If you received this message by mistake please inform the \r\nsender and delete the message and attachments. No confidentiality nor \r\nany privilege regarding the information is waived or lost by any \r\nmistransmission.\r\nAny views or opinions contained in this message are solely those of \r\nthe author, and do not necessarily represent , unless specifically \r\nstated and the sender is authorized to do so.\r\n\r\n\r\n\n# 0day.today [2018-04-12] #"}
