Date: Tue, 25 Oct 2005 14:28:40 +0400 (MSD)
From: poizon@...urityinfo.ru
To: bugtraq@...urityfocus.com
Subject: DboardGear - uncorrect import themes (SQL-inject)


Hello all.
I checked this:
>>>>>>>>>>>>>>>>>>>
DboardGear ..
Search By Google :-
by DboardGear
Gr33tz :-
         aLMaSTeR HaCKeR .. SQL Injection's FOunder   - | almaster <at> hotmail.com|-
         Security4Arab .. A'Where Home ..
1- SQL Injection in buddy.php
http://www.site.com/dboard/buddy.php?action=add&buddy=|aLMaSTeR
2-SQL Injection in u2a.php
http://www.site.com/dboard/u2u.php?action=view&u2uid=|aLMaSTeR
Error:
You have an error in your SQL syntax near '' at line 1
>>>>>>>>>>>>>>>
and found a new bug in this board.
SQL injection is available in /dboard/ctrtools.php?action=themes when you try
to import an incorrect (not valid) theme file. I just tried to import a text file
with a listing of my home catalog, and I got this error:
You have an error in your SQL syntax near ') VALUES)' at line 1

I'm not authorized on the board.
-------------------------------------------------------
Sorry for my English, it's not my primary language.
---------------------------------------------------------
http://www.securityinfo.ru
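
The failure mode reported above, as an added example that is not part of the original post and is not DboardGear's code: an importer that concatenates file content into an INSERT, beside one that validates the file and binds values. The table layout, the `key=value` theme format and all function names are assumptions, and SQLite stands in for the board's database.

```python
import sqlite3

# Assumed schema and file format; DboardGear's real ones are not on the page.
THEME_COLUMNS = ("name", "bgcolor", "textcolor")

def parse_theme(text):
    """Parse 'key=value' lines into a dict; other lines are ignored."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def import_unsafe(db, text):
    """Concatenates file content into the statement: file text becomes SQL."""
    f = parse_theme(text)
    cols = ", ".join(f)
    vals = ", ".join("'%s'" % v for v in f.values())
    db.execute("INSERT INTO themes (%s) VALUES (%s)" % (cols, vals))

def import_safe(db, text):
    """Rejects files without exactly the expected keys, then binds the values."""
    f = parse_theme(text)
    if set(f) != set(THEME_COLUMNS):
        raise ValueError("not a valid theme file")
    db.execute("INSERT INTO themes (name, bgcolor, textcolor) VALUES (?, ?, ?)",
               [f[c] for c in THEME_COLUMNS])

def outcome(importer, db, text):
    """Classify what one import attempt did."""
    try:
        importer(db, text)
        return "stored"
    except sqlite3.OperationalError:
        return "sql error"      # the database was handed malformed SQL
    except ValueError:
        return "rejected"       # stopped before any SQL was built

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE themes (name TEXT, bgcolor TEXT, textcolor TEXT)")
    junk = "total 8\ndrwxr-xr-x 2 user user 4096 docs\n"   # constructed: not a theme
    good = "name=O'Reilly blue\nbgcolor=#003366\ntextcolor=#ffffff\n"  # constructed
    results = {(fn.__name__, label): outcome(fn, db, text)
               for fn in (import_unsafe, import_safe)
               for label, text in (("junk", junk), ("good", good))}
    rows = db.execute("SELECT name FROM themes").fetchall()
    return results, rows

if __name__ == "__main__":
    print(demo())
```

With the concatenating importer, the non-theme file produces an empty column and value list and a database syntax error, and even a legitimate theme name containing an apostrophe breaks the statement; the validating importer rejects the first and stores the second intact.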




