Exploit
badc0re |
|
||||
---|---|---|---|---|---|
Hi i want to report a SQL injection. The request:
Result:
2011-09-18 19:03
On version 9.4 |
esclkm |
|
---|---|
but where was injection??? this field has ALP filter - which filter only [A-Za-z0-z_] try to inject littledev.ru - мой маленький зарождающийся блог о котонти.
снижение стоимости программирования и снижение стоимости производства разные вещи. Первое можно скорее сравнить с раздачей работникам дешевых инструментов, чем со снижением зарплаты |
badc0re |
|
---|---|
#30749 esclkm: Added 2 minutes later: Well the search is vulnerable. Try it by yourself. Maybe it's not exploitable but it could lead to information extraction. |
|
Dieser Beitrag wurde von badc0re (am 18. September 2011, 21:46, vor 13 Jahre) bearbeitet |
Trustmaster |
|
---|---|
It is more path disclosure than SQL injection, but thank you for the report! May the Source be with you!
|
badc0re |
|
||
---|---|---|---|
Take a look at
|
Trustmaster |
|
---|---|
It's a little harm anyways and it'll be fixed in 0.9.5, thank you once again for the report! May the Source be with you!
|
badc0re |
|
---|---|
No problem man. |
GHengeveld |
|
---|---|
Actually this isn't really a problem. Production sites should have error reporting disabled, so it won't show the SQL error or backtrace. Nevertheless its good to report these things. |