From: laurent gaffié <saps.audit_(at)_gmail.com>
Date: 14 November 2006
Subject: Mega Mall [ multiples injection sql & full path disclosure ]

vendor site: http://products.kaonsoftwares.com/
product: mega-mall
bug: injection sql & full path disclosure
language: asp
risk: high

injection sql (get):
http://site.com/mega-mall/product_review.php?t=[sql]
http://site.com/mega-mall/product_review.php?t=0&productId=[sql]
http://site.com/mega-mall/product_review.php?t=0&productId=1004&sk=[sql]
http://site.com/mega-mall/product_review.php?t=0&productId=1004&t=0&x=[sql]
http://site.com/mega-mall/product_review.php?t=0&productId=1004&sk=USERID&so=[sql]

injection sql (post):
http://site.com/mega-mall/order-track.php
Variables:
/mega-mall/order-track.php?Enter=1&orderNo=[sql]

full path disclosure:
http://site.com/mega-mall/product_review.php?t=0&productId=1004&t=0&x[]=

laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@gmail.com