lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050829165938.32111.qmail@securityfocus.com>
Date: 29 Aug 2005 16:59:38 -0000
From: h4cky0u.org@...il.com
To: bugtraq@...urityfocus.com
Subject: Land Down Under 801 And Prior Multiple SQL Injection Vulnerabilities


TITLE:
======

Land Down Under 801 And Prior Multiple SQL Injection Vulnerabilities


SEVERITY:
=========

Medium


SOFTWARE:
=========

Land Down Under version 801 and prior

Support Website : http://www.neocrome.net


INFO:
=====

Land Down Under is a multiple portal system which includes many different options like 

forum, statistic, site map, article menu and many more. The portal is powered by PHP and 

MySQL.


BUG DESCRIPTION:
===============

The portal system is vulnerable to various sql injection attacks, here are some examples:

http://localhost/ldu/events.php?c='

http://localhost/ldu/events.php?f=incoming&c='

http://localhost/ldu/events.php?c=%27

http://localhost/ldu/events.php?f=incoming&c=%27

http://localhost/ldu/index.php?c='

http://localhost/ldu/index.php?c=%27

http://localhost/ldu/list.php?c='&s=title&w=asc&o=1&p=1

http://localhost/ldu/list.php?c=%27&s=title&w=asc&o=1&p=1


VENDOR STATUS:
==============

The vendor was contacted using the contacts link on the main page.
No response recieved till date.


CREDITS:
========

This vulnerability was discovered and researched by -

matrix_killer of h4cky0u Security Forums.


mail : matrix_k at abv.bg

web : http://www.h4cky0u.org

Greets to all omega-team members


ORIGINAL:
=========

http://h4cky0u.org/viewtopic.php?t=2371


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ