[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] FAO Mark Murtagh from Websense
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] FAO Mark Murtagh from Websense
- From: "Morning Wood" <se_cur_ity@xxxxxxxxxxx>
- Date: Sat, 12 Nov 2005 19:28:06 -0800
>First you missed the comment where I fixed my typo on the thread,
>second, I thought someone of your "hacking" experience, you would have
>been able to translate that message by yourself. In any case, I made
umm, no I doubt I missed anything except your contentless dribble.
but I did notice the "error" of the web application... not only is it
vulnerable to SQL injection, it is also vuln to XSS. Possibly
you would like to enroll in a Zone-H Hands on Hacking Seminar
so you too might be able to understand them too, instead of filling this
list with your paranoid, meglomanic rants.
http://www.biosmagazine.co.uk/op.php?id=314;ok<br>omg<br><b>n3td3v</b>%20rox<br>%20<br>
http://www.nccgroup.com/events/index.aspx
>On 11/13/05, Morning Wood <se_cur_ity@xxxxxxxxxxx> wrote:
> Content Query has failed - SELECT
> opinion.body,opinion.author,opinion.auth_title,opinion.auth_comp,
>
opinion.ptime,opinion.headline,opinion.category,opinion.active,opinion.forum
> , prod_type.name as prod_type, prod_type.id as prod_type_id FROM opinion,
> prod_type WHERE opinion.id = 314\\ AND opinion.active = 1 AND
opinion.ptime
> < 1131846681 AND opinion.category = prod_type.id
>
> sweet!
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/