RE: Paper: SQL Injection Attacks by Example
2005-01-05 Scovetta, Michael V (Michael Scovetta ca com) (1 replies)
  David,
  Actually, to nitpick your comment a bit, stored procedures usually have typed input variables:
  create procedure foo ( a int, b varchar(20) ) as ...
  At least in MSSQL, you'd have to do something bad like use sp_executesql or some other function that will re-form a complete sql query and pa

IBM DB2 XML functions file creation vulnerabilities (#NISR05012005I)
2005-01-05 NGSSoftware Insight Security Research (nisr nextgenss com)
  NGSSoftware Insight Security Research Advisory
  Name: IBM DB2 XML functions file creation vulnerabilities
  Systems Affected: DB2 8.1
  Severity: High risk from remote
  Vendor URL: http://www.ibm.com/
  Author: David Litchfield [ david at ngssoftware.com ]
  Relates to: http://www.nextgenss.com/advisories/db

IBM DB2 XML functions overflows (#NISR05012005H)
2005-01-05 NGSSoftware Insight Security Research (nisr nextgenss com)
  NGSSoftware Insight Security Research Advisory
  Name: IBM DB2 XML functions overflows
  Systems Affected: DB2 8.1
  Severity: High risk from remote
  Vendor URL: http://www.ibm.com/
  Author: David Litchfield [ david at ngssoftware.com ]
  Relates to: http://www.nextgenss.com/advisories/db2-02.txt
  Date of Pub

IBM DB2 to_char and to_date Denial Of Service (#NISR05012005G)
2005-01-05 NGSSoftware Insight Security Research (nisr nextgenss com)
  NGSSoftware Insight Security Research Advisory
  Name: IBM DB2 to_char and to_date Denial Of Service
  Systems Affected: DB2 8.1
  Severity: High risk from local
  Vendor URL: http://www.ibm.com/
  Author: Chris Anley [ chris at ngssoftware.com ]
  Relates to: http://www.ngssoftware.com/advisories/db2-02.txt
  D

IBM DB2 Windows Permission Problems (#NISR05012005F)
2005-01-05 NGSSoftware Insight Security Research (nisr nextgenss com)
  NGSSoftware Insight Security Research Advisory
  Name: IBM DB2 Windows Permission Problems
  Systems Affected: DB2 8.1
  Severity: High risk from local
  Vendor URL: http://www.ibm.com/
  Author: Chris Anley [ chris at ngssoftware.com ]
  Relates to: http://www.ngssoftware.com/advisories/db2-02.txt
  Date of Pub

IBM DB2 SATADMIN.SATENCRYPT buffer overflow (#NISR05012005E)
2005-01-05 NGSSoftware Insight Security Research (nisr nextgenss com)
  NGSSoftware Insight Security Research Advisory
  Name: IBM DB2 SATADMIN.SATENCRYPT buffer overflow
  Systems Affected: DB2 8.1
  Severity: Medium risk from remote
  Vendor URL: http://www.ibm.com/
  Author: David Litchfield [ david at ngssoftware.com ]
  Relates to: http://www.nextgenss.com/advisories/db2-02.t

IBM DB2 JDBC Applet Server buffer overflow (#NISR05012005D)
2005-01-05 NGSSoftware Insight Security Research (nisr nextgenss com)
  NGSSoftware Insight Security Research Advisory
  Name: IBM DB2 JDBC Applet Server buffer overflow
  Systems Affected: DB2 8.1
  Severity: High risk from remote
  Vendor URL: http://www.ibm.com/
  Author: David Litchfield [ david at ngssoftware.com ]
  Relates to: http://www.nextgenss.com/advisories/db2-02.txt

IBM DB2 call buffer overflow (#NISR05012005C)
2005-01-05 NGSSoftware Insight Security Research (nisr nextgenss com)
  NGSSoftware Insight Security Research Advisory
  Name: IBM DB2 call buffer overflow
  Systems Affected: DB2 8.1/7.x
  Severity: High risk from remote
  Vendor URL: http://www.ibm.com/
  Author: David Litchfield [ david at ngssoftware.com ]
  Relates to: http://www.nextgenss.com/advisories/db2-02.txt
  Date of P

IBM DB2 libdb2.so buffer overflow (#NISR05012005B)
2005-01-05 NGSSoftware Insight Security Research (nisr nextgenss com)
  NGSSoftware Insight Security Research Advisory
  Name: IBM DB2 libdb2.so.1 buffer overflow
  Systems Affected: DB2 8.1/7.x
  Severity: High risk from local
  Vendor URL: http://www.ibm.com/
  Author: David Litchfield [ david at ngssoftware.com ]
  Relates to: http://www.nextgenss.com/advisories/db2-02.txt
  Dat

Paper: SQL Injection Attacks by Example
2005-01-05 Steve Friedl (steve unixwiz net) (1 replies)
  Hello folks (and Happy New Year),
  I recently posted this to the PEN-TEST list, but it was suggested that the wider Bugtraq readership might benefit from it.
  During a recent security review for a customer, I was able to completely compromise his web application in about two hours using SQL Injectio

IBM DB2 db2fmp buffer overflow (#NISR05012005A)
2005-01-05 NGSSoftware Insight Security Research (nisr nextgenss com)
  NGSSoftware Insight Security Research Advisory
  Name: IBM DB2 db2fmp buffer overflow
  Systems Affected: DB2 8.1/7.x
  Severity: High risk from local
  Vendor URL: http://www.ibm.com/
  Author: David Litchfield [ david at ngssoftware.com ]
  Relates to: http://www.nextgenss.com/advisories/db2-02.txt
  Date of

DMA[2005-0103a] - 'William LeFebvre "top" format string vulnerability'
2005-01-05 KF (Lists) (kf_lists digitalmunition com)

[ GLSA 200501-03 ] Mozilla, Firefox, Thunderbird: Various vulnerabilities
2005-01-05 Thierry Carrez (koon gentoo org)

[ GLSA 200501-02 ] a2ps: Insecure temporary files handling
2005-01-04 Thierry Carrez (koon gentoo org)

[ GLSA 200501-01 ] LinPopUp: Buffer overflow in message reply
2005-01-04 Thierry Carrez (koon gentoo org)

[CLA-2005:910] Conectiva Security Announcement - mplayer
2005-01-05 Conectiva Updates (secure conectiva com br)
  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1
  CONECTIVA LINUX SECURITY ANNOUNCEMENT
  PACKAGE : mplayer
  SUMMARY : Fixes for mplayer vulnerabi

[SECURITY] [DSA 625-1] New pcal packages fix arbitrary code execution
2005-01-05 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 624-1] New zip packages fix arbitrary code execution
2005-01-05 joey infodrom org (Martin Schulze)

QWikiwiki directory traversal vulnerability
2005-01-04 Madelman (madelman iname com)
  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1
  Title: QWikiwiki directory traversal vulnerability
  Vulnerability discovery: Madelman <madelman AT iname.com>
  Date: 01/01/2005
  Severity: Critical
  Summary:
  QwikiWiki is driven by one core design goal: simplicity. This design goal is codified

Socket termination, format string and XSS in Soldner Secret Wars 30830
2005-01-04 Luigi Auriemma (aluigi autistici org)

MyBB SQL Injection
2005-01-05 scottm spamcop net
  Description: MyBB is a powerful, efficient and free forum package developed in PHP and MySQL. MyBB has been designed with the end users in mind, you and your subscribers. Full control over your discussion system is presented right at the tip of your fingers, from multiple styles and themes to the

[SECURITY] [DSA 623-1] New nasm packages fix arbitrary code execution
2005-01-04 joey infodrom org (Martin Schulze)

Serious Vulnerabilities In PhotoPost ReviewPost
2005-01-03 GulfTech Security (security gulftech org)

Multiple PhotoPost Pro Vulnerabilities
2005-01-03 GulfTech Security (security gulftech org)
  GulfTech Security Research January 03, 2005
  Vendor : All Enthusiast, Inc.
  URL : http://www.photopost.com/class/
  Version : PhotoPost PHP 4.8.1 && Others
  Risk

3Com 3CDaemon Multiple Vulnerabilities
2005-01-04 Sowhat . (smaillist gmail com)
  3Com 3CDaemon Multiple Vulnerabilities
  By Sowhat
  04.JAN.2005
  http://secway.org/advisory/ad20041011.txt
  [I.T.S] Security Research Team
  Product Affected: 3Com 3CDaemon 2.0 revision 10
  Vendor: www.3Com.com
  (1) BACKGROUND
  3CDaemon is a free popular TFTP, FTP, and Syslog daemon for Microsoft W
But that doesn't really matter - you'd attempt to execute your
malicious code at the level where the procedure is executed, not
inside of it.
I.e. the code could be:

    sql = " exec spSuperSecure " + one + ", " + two;

We aren't really interested in "spSuperSecure" and its typed
parame