lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <f5dc671003201230j25d88d7bv46528a01bbccb82a@mail.gmail.com>
Date: Sat, 20 Mar 2010 19:30:46 +0000
From: Benji <me@...ji.com>
To: MustLive <mustlive@...security.com.ua>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: SQL DB Structure Extraction vulnerabilities

oh dude, I've missed you.

On Wed, Mar 17, 2010 at 9:36 PM, MustLive <mustlive@...security.com.ua>wrote:

> Hello Full-Disclosure!
>
> Yesterday I wrote English version of my article SQL DB Structure Extraction
> vulnerabilities (http://websecurity.com.ua/4038/).
>
> There is such variety of Information Leakage vulnerabilities as SQL DB
> Structure Extraction. This vulnerability lie in that there is information
> leakage in web application about structure of the database. This
> information
> leakage can be of use at SQL Injection attack.
>
> Such vulnerability I found first time already in 2006 (at one site) and
> gave
> it this name. Such vulnerabilities I found at many web sites and also in
> many web applications.
>
> In the article I talked about SQL DB Structure Extraction, different
> variants of SQL Errors (three variants) and about difference between SQL DB
> Structure Extraction and SQL Error.
>
> You can read the article SQL DB Structure Extraction vulnerabilities at my
> site: http://websecurity.com.ua/4038/
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ