lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: 15 Dec 2004 15:28:53 -0000
From: shervin khaleghjou <oil_karchack@...oo.com>
To: bugtraq@...urityfocus.com
Subject: iwebnegar is vulnerable to all kind of sql injections




----------------www.karchack.com----------------
----------------www.karchack.net----------------
describtion :
iwebnegar is farsi weblog software written in php 
http://iwebnegar.co.sr

---------

vulnerabilities :
all files seems to be vulnerable such as comments.php , index.php and also administrator login page
-------------

proof of concept :
for example you can use this link to inject the sql server
http://site/weblog/index.php?string=[sql injection code]
----------------


www.karchack.com
www.karchack.net

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ