| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 15 Nov 2006 18:43:05 -0000 From: saps.audit@...il.com To: bugtraq@...urityfocus.com Subject: Aspmforum [ multiples injection sql (get&post)] vendor site:http://www.kervancilar.com/ product:Aspmforum bug:injection sql (get & post) risk:high injection sql get : /forum.asp?baslik='[sql] /forum2.asp?baslik=2&soruid='[sql] /kullanicilistesi.asp?ak=&at=&harf='[sql] /kullanicilistesi.asp?at=baslayan&ak='[sql] once logged : /mesajkutum.asp?eylem=oku&mesajno='[sql] //private message injection sql post: in : /aramayap.asp Variables: kelimeler='[sql] or just post your query into the search engine ... in : /giris.asp Variables: kullaniciadi='[sql]&parola=&I1.x=0&I1.y=0&I1=Submit or just post your query into the username field laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: saps.audit@...il.com
Powered by blists - more mailing lists