Message-ID: <Pine.LNX.4.63.0508092325100.15179@forced.attrition.org>
Date: Tue, 9 Aug 2005 23:35:36 -0400 (EDT)
From: security curmudgeon <jericho@...rition.org>
To: ABDUCTER_MINDS@...OO.COM
Cc: bugtraq@...urityfocus.com
Subject: Re: SQL IN Open Bulletin Board



Each of these has been previously disclosed it seems:

: discussion :- there are many sql in 
:                               (board.php) as www.victim.com/openbb/board.php?FID=[sql]

2004-04-24
http://www.gulftech.org/04242004.php

:                               (read.php) as www.victim.com/openbb/read.php?TID=[sql]

2005-05-12
http://archives.neohapsis.com/archives/bugtraq/2005-05/0175.html

:                               (member.php) as www.victim.com/openbb/member.php?action=profile&UID=[sql]

2004-04-24
http://www.gulftech.org/04242004.php


I don't see any indication they were ever fixed, even though a year+ old.

