On Mon, 2005-11-28 at 14:43 +0000, dead troll wrote:
Maybe he took the site down with his l33t h4x0r skillz, or one of his
'contacts' did lol
Or it could be that there's a a single quote in the URL that Morning
Wood posted, which the webserver doesn't appear to be sanitising (this
would be why Michael Holstein has made a comment about SQL Injection)
and is making the SQL server spit back an error...
- James.
On 11/28/05, Michael Holstein <michael.holstein@csuohio.edu> wrote:
> http://www.snappoll.com/view_results.php?poll_id='50150
>
> Database error: Invalid SQL: SELECT * FROM polls WHERE
poll_id='50150
> MySQL Error: 1064 (You have an error in your SQL syntax near
''50150' at
> line 1)
> Session halted.
Sounds like a SQL injection test-site to me....
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
James (njan) Eaton-Lee | 10807960
Semper Monemus Sed Non Audiunt, Ergo Lartus - (Jean-Croix)
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca: https://www.cacert.org/index.php?id=3
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
