Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Land Down Under 801 And Prior Multiple SQL Injection Vulnerabilities

from [h4cky0u . org] Network Security [Permanent Link]
Subject: Land Down Under 801 And Prior Multiple SQL Injection Vulnerabilities
Date: 29 Aug 2005 16:59:38 -0000 
TITLE:
======

Land Down Under 801 And Prior Multiple SQL Injection Vulnerabilities


SEVERITY:
=========

Medium


SOFTWARE:
=========

Land Down Under version 801 and prior

Support Website : http://www.neocrome.net


INFO:
=====

Land Down Under is a multiple portal system which includes many different 
options like 

forum, statistic, site map, article menu and many more. The portal is powered 
by PHP and 

MySQL.


BUG DESCRIPTION:
===============

The portal system is vulnerable to various sql injection attacks, here are some 
examples:

http://localhost/ldu/events.php?c='

http://localhost/ldu/events.php?f=incoming&c='

http://localhost/ldu/events.php?c=%27

http://localhost/ldu/events.php?f=incoming&c=%27

http://localhost/ldu/index.php?c='

http://localhost/ldu/index.php?c=%27

http://localhost/ldu/list.php?c='&s=title&w=asc&o=1&p=1

http://localhost/ldu/list.php?c=%27&s=title&w=asc&o=1&p=1


VENDOR STATUS:
==============

The vendor was contacted using the contacts link on the main page.
No response recieved till date.


CREDITS:
========

This vulnerability was discovered and researched by -

matrix_killer of h4cky0u Security Forums.


mail : matrix_k at abv.bg

web : http://www.h4cky0u.org

Greets to all omega-team members


ORIGINAL:
=========

http://h4cky0u.org/viewtopic.php?t=2371
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Land Down Under 801 And Prior Multiple SQL Injection Vulnerabilities, h4cky0u . org <=
Previous by Date:  [cosmoshop <= 8.10.78] be the shopadmin in one step, innate
Next by Date:  SimplePHPBlog Arbitrary File Deletion and Sample Exploit, 'ken'@FTU
Previous by Thread:  [cosmoshop <= 8.10.78] be the shopadmin in one step, innate
Next by Thread:  SimplePHPBlog Arbitrary File Deletion and Sample Exploit, 'ken'@FTU
Indexes:  [Date] [Thread] [Top] [All Lists]