Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Return of the Phrack High Council

From: James Eaton-Lee <james.mailing () gmail com>
Date: Mon, 28 Nov 2005 14:49:32 +0000
On Mon, 2005-11-28 at 14:43 +0000, dead troll wrote:

Maybe he took the site down with his l33t h4x0r skillz, or one of his
'contacts' did lol


Or it could be that there's a a single quote in the URL that Morning
Wood posted, which the webserver doesn't appear to be sanitising (this
would be why Michael Holstein has made a comment about SQL Injection)
and is making the SQL server spit back an error...

 - James.



On 11/28/05, Michael Holstein <michael.holstein () csuohio edu> wrote:
        > http://www.snappoll.com/view_results.php?poll_id='50150
        >
        > Database error: Invalid SQL: SELECT * FROM polls WHERE
        poll_id='50150
        > MySQL Error: 1064 (You have an error in your SQL syntax near
        ''50150' at 
        > line 1)
        > Session halted.
        
        Sounds like a SQL injection test-site to me....
        _______________________________________________
        Full-Disclosure - We believe in it.
        Charter: http://lists.grok.org.uk/full-disclosure-charter.html
        Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

-- 
James (njan) Eaton-Lee | 10807960
Semper Monemus Sed Non Audiunt, Ergo Lartus - (Jean-Croix)

sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca:    https://www.cacert.org/index.php?id=3

Attachment: smime.p7s
Description: 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: