| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 29 Aug 2005 16:59:38 -0000 From: h4cky0u.org@...il.com To: bugtraq@...urityfocus.com Subject: Land Down Under 801 And Prior Multiple SQL Injection Vulnerabilities TITLE: ====== Land Down Under 801 And Prior Multiple SQL Injection Vulnerabilities SEVERITY: ========= Medium SOFTWARE: ========= Land Down Under version 801 and prior Support Website : http://www.neocrome.net INFO: ===== Land Down Under is a multiple portal system which includes many different options like forum, statistic, site map, article menu and many more. The portal is powered by PHP and MySQL. BUG DESCRIPTION: =============== The portal system is vulnerable to various sql injection attacks, here are some examples: http://localhost/ldu/events.php?c=' http://localhost/ldu/events.php?f=incoming&c=' http://localhost/ldu/events.php?c=%27 http://localhost/ldu/events.php?f=incoming&c=%27 http://localhost/ldu/index.php?c=' http://localhost/ldu/index.php?c=%27 http://localhost/ldu/list.php?c='&s=title&w=asc&o=1&p=1 http://localhost/ldu/list.php?c=%27&s=title&w=asc&o=1&p=1 VENDOR STATUS: ============== The vendor was contacted using the contacts link on the main page. No response recieved till date. CREDITS: ======== This vulnerability was discovered and researched by - matrix_killer of h4cky0u Security Forums. mail : matrix_k at abv.bg web : http://www.h4cky0u.org Greets to all omega-team members ORIGINAL: ========= http://h4cky0u.org/viewtopic.php?t=2371
Powered by blists - more mailing lists