*==== =={ Advisory 14/5/2010 } ======*
*SQL injection vulnerability in SelfComposer CMS
*
*Vendor's Description of Software:*
*# http://www.selfcomposer.it*
*Dork:*
*allinurl:"prodotti.asp?idpadrerif="*
*Application Info:*
*Name: *SelfComposer
*Vulnerability Info:*
*Type: *SQL injection Vulnerability
*Risk: High*
*Fix:*
*N/A*
*Time Table:*
*06/05/2010 - Vendor notified.*
*Additional Info:*
All the input passed via "idprod", "idpadrerif", "idreferenza",
"idpadrerifIstituzionali"
is not properly sanitised before being used in a sql query.
*Solution:*
Input validation of "idprod", "idpadrerif", "idreferenza",
"idpadrerifIstituzionali"
parameters should be corrected.
*Vulnerability:*
# http://[site]/scheda.asp?idprod=[SQLi]&idpadrerif=[SQLi]
# http://[site]/schedaistituzionale.asp?idreferenza=[SQLi]&idpadrerifIstituzionali=[SQLi]
*Credit:*
Discoverd By: Locu
Website: http://xlocux.wordpress.com
Contacts: xlocux[-at-]gmail.com
*============ {EOF} =============*