lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 25 Oct 2005 14:28:40 +0400 (MSD) From: poizon@...urityinfo.ru To: bugtraq@...urityfocus.com Subject: DboardGear - uncorrect import themes (SQL-inject) Hello all. I m check it: >>>>>>>>>>>>>>>>>>> DboardGear .. Search By Google :- by DboardGear Gr33tz :- aLMaSTeR HaCKeR .. SQL Injection's FOunder - | almaster <at> hotmail.com|- Security4Arab .. A'Where Home .. 1- SQL Injection in buddy.php http://www.site.com/dboard/buddy.php?action=add&buddy=|aLMaSTeR 2-SQL Injection in u2a.php http://www.site.com/dboard/u2u.php?action=view&u2uid=|aLMaSTeR Error: You have an error in your SQL syntax near '' at line 1 >>>>>>>>>>>>>>> and find new bug in this board. SQL-inject available in /dboard/ctrtools.php?action=themes, when you try import incorrect (not valid) Theme File. I'm just try import text file with listing my home catalog, and i got it error: You have an error in your SQL syntax near ') VALUES)' at line 1 I'm not authorizated on board. ------------------------------------------------------- Sory for my english, it's not my primary language. --------------------------------------------------------- http://www.securityinfo.ru
Powered by blists - more mailing lists