LDF Sql injection vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: LDF Sql injection vulnerability
From: arash.setayeshi@xxxxxxxxx
Date: Fri, 23 Jan 2009 20:19:31 -0700
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Product : LDF 
vendor : www.ldf.22.cn

LDF Sql injection vulnerability (in login.asp page) =>

example : 
http://example/[ldf path]/login.asp?user=[SQL COMMAND]

Prev by Date: Nokia Multimedia Player (.AVI File) Null Dereference Pointer Exploit
Next by Date: /bin/login DoS remains after DSA-1709
Previous by thread: Nokia Multimedia Player (.AVI File) Null Dereference Pointer Exploit
Next by thread: /bin/login DoS remains after DSA-1709
Index(es):
- Date
- Thread