Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

DboardGear - uncorrect import themes (SQL-inject)

from [poizon] Network Security [Permanent Link]
Subject: DboardGear - uncorrect import themes (SQL-inject)
Date: Tue, 25 Oct 2005 14:28:40 +0400 (MSD) 
Hello all.
I m check it:



DboardGear ..
Search By Google :-
by DboardGear
Gr33tz :-
         aLMaSTeR HaCKeR .. SQL Injection's FOunder   - | almaster <at>
hotmail.com|-
         Security4Arab .. A'Where Home ..
1- SQL Injection in buddy.php
http://www.site.com/dboard/buddy.php?action=add&buddy=|aLMaSTeR
2-SQL Injection in u2a.php
http://www.site.com/dboard/u2u.php?action=view&u2uid=|aLMaSTeR
Error:
You have an error in your SQL syntax near '' at line 1



and find new bug in this board.
SQL-inject available in /dboard/ctrtools.php?action=themes, when you try
import incorrect (not valid) Theme File. I'm just try import text file
with listing my home catalog, and i got it error:
You have an error in your SQL syntax near ') VALUES)' at line 1

I'm not authorizated on board.
-------------------------------------------------------
Sory for my english, it's not my primary language.
---------------------------------------------------------
http://www.securityinfo.ru
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • DboardGear - uncorrect import themes (SQL-inject), poizon <=
Previous by Date:  [Full-disclosure] Skype security advisory, . EADS CCR DCR/STI/C
Next by Date:  Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through, Andrey Bayora
Previous by Thread:  [Full-disclosure] Skype security advisory, . EADS CCR DCR/STI/C
Next by Thread:  Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through, Andrey Bayora
Indexes:  [Date] [Thread] [Top] [All Lists]