[36279] in bugtraq
Dynix Webpac Input Validation
daemon@ATHENA.MIT.EDU (=?iso-8859-1?q?Wil=20Allsopp?=)
Thu Aug 26 01:26:50 2004
Message-ID: <20040824134557.70791.qmail@web25004.mail.ukl.yahoo.com>
Date: Tue, 24 Aug 2004 14:45:57 +0100 (BST)
From: =?iso-8859-1?q?Wil=20Allsopp?= <rogueclient@yahoo.co.uk>
Reply-To: straylight@technophreaks.co.uk
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Package: Epixtech / Dynix Webpac
Date: 23/08/2004
Problem Class: Input validation
Advisory: Wil Allsopp
Email: straylight@technophreaks.co.uk
Vendor status: Informed but unresponsive
Description
-----------
Webpac is a widely deployed library solutions system
(search google for webpac) that allows catalogue
services to be provided through a web interface.
The Epixtech / Dynix range of library solutions
software, most notably Webpac, contain numerous SQL
injection flaws.
Why is this a problem?
----------------------
Login bypass, command execution via stored procedures
and denial of service attacks against back end
databases. Both early and recent versions are
vulnerable.
___________________________________________________________ALL-NEW Yahoo! Messenger - all new features - even more fun! http://uk.messenger.yahoo.com
