Full Disclosure mailing list archives
Re: SQL injection in MODX
From: Brandon Perry <bperry.volatile () gmail com>
Date: Sun, 9 Mar 2014 09:22:25 -0500
1 POST /modx/connectors/lang.js.php HTTP/1.1 2 Host: 192.168.1.70 3 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:26.0) Gecko/20100101 Firefox/26.0 4 Accept: */* 5 Accept-Language: en-US,en;q=0.5 6 Accept-Encoding: gzip, deflate 7 Referer: http://192.168.1.70/modx/manager/ 8 Cookie: PHPSESSID=v2pnqigca0qfr835vimrknh1k0 9 Connection: keep-alive 10 Content-Length: 64 11 12 ctx=mgr&topic=topmenu,file,resource,welcome,configcheck&action= Haven't worked on it at all since the initial look through. On Sun, Mar 9, 2014 at 5:39 AM, Peter W <pwilhelmsen () kryptoslogic com>wrote:
Hello Brandon, Thank you for some interesting posts on the Full Disclosure mailing lists. Your analysis of the bug is very interesting and I would like to investigate this issue further. Could you show me what kind of requests you made to trigger the MySQL error? Thank for you time. Best regards, Peter
-- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: SQL injection in MODX Brandon Perry (Mar 09)