Date: 30 Jan 2006 21:42:23 -0000
From: preben@watchcom.no
To: bugtraq@securityfocus.com
Subject: Daffodil CRM - vulnerable to SQL-injection.
X-Virus-Scanned: antivirus-gw at tyumen.ru
Daffodil CRM does not properly sanities it's input’s on the login page;
http://www.SITE.com:8080/daffodilcrm/userlogin.jsp
Therefore SQL-injection attacks are possible.
PoC could be: 1'or'1'='1
Vendor’s homepage is: http://www.daffodildb.com/crm/
Please credit to: Preben Nyløkken
