Message-ID: <1133189372.9079.2.camel@localhost.localdomain>
Date: Mon Nov 28 14:49:37 2005
From: james.mailing at gmail.com (James Eaton-Lee)
Subject: Return of the Phrack High Council
On Mon, 2005-11-28 at 14:43 +0000, dead troll wrote:
> Maybe he took the site down with his l33t h4x0r skillz, or one of his
> 'contacts' did lol
>
Or it could be that there's a single quote in the URL that Morning
Wood posted, which the webserver doesn't appear to be sanitising (this
would be why Michael Holstein has made a comment about SQL Injection)
and is making the SQL server spit back an error...
- James.
>
>
> On 11/28/05, Michael Holstein <michael.holstein@...ohio.edu> wrote:
> > http://www.snappoll.com/view_results.php?poll_id='50150
> >
> > Database error: Invalid SQL: SELECT * FROM polls WHERE
> poll_id='50150
> > MySQL Error: 1064 (You have an error in your SQL syntax near
> ''50150' at
> > line 1)
> > Session halted.
>
> Sounds like a SQL injection test-site to me....
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
--
James (njan) Eaton-Lee | 10807960
Semper Monemus Sed Non Audiunt, Ergo Lartus - (Jean-Croix)
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca: https://www.cacert.org/index.php?id=3
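
The failure discussed in this message, reproduced locally as an added example (not part of the original post and not the site's code). It assumes the query is built by appending the request value unquoted, as the quoted "Invalid SQL" line suggests, and uses an in-memory SQLite database in place of MySQL, so the engine's error text differs; the function names and the sample row are constructed.

```python
import sqlite3


def make_db():
    # Constructed sample data; the table and column names come from the quoted error.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE polls (poll_id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO polls VALUES (50150, 'constructed sample poll')")
    return db


def lookup_concatenated(db, raw_poll_id):
    """'Before' form: the request value becomes part of the SQL text."""
    sql = "SELECT * FROM polls WHERE poll_id=" + raw_poll_id
    try:
        return ("ok", db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        # Returning the statement and engine error to the client is what
        # made the problem visible in the response quoted in the thread.
        return ("db_error", f"Invalid SQL: {sql} ({exc})")


def lookup_bound(db, raw_poll_id):
    """Hardened form: validate the id, then pass it as a bound parameter."""
    # A poll id is ASCII decimal digits only; anything else never reaches the database.
    if not (raw_poll_id.isascii() and raw_poll_id.isdigit()):
        return ("rejected", None)
    row = db.execute(
        "SELECT poll_id, title FROM polls WHERE poll_id = ?",
        (int(raw_poll_id),),
    ).fetchone()
    return ("ok", row)


if __name__ == "__main__":
    db = make_db()
    for value in ("50150", "'50150"):
        print(repr(value), "concatenated:", lookup_concatenated(db, value))
        print(repr(value), "bound:       ", lookup_bound(db, value))
```

In the hardened form the SQL text is fixed and the database error, if any, should be logged server-side rather than sent to the client.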