On Mon, 2005-11-28 at 14:43 +0000, dead troll wrote:
> Maybe he took the site down with his l33t h4x0r skillz, or one of his
> 'contacts' did lol
>

Or it could be that there's a single quote in the URL that Morning Wood posted, which the webserver doesn't appear to be sanitising (this would be why Michael Holstein has made a comment about SQL Injection) and is making the SQL server spit back an error...

 - James.

>
> On 11/28/05, Michael Holstein <michael.holstein@xxxxxxxxxxx> wrote:
> > http://www.snappoll.com/view_results.php?poll_id='50150
> >
> > Database error: Invalid SQL: SELECT * FROM polls WHERE poll_id='50150
> > MySQL Error: 1064 (You have an error in your SQL syntax near ''50150' at line 1)
> > Session halted.
> >
> > Sounds like a SQL injection test-site to me....
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

--
James (njan) Eaton-Lee | 10807960
Semper Monemus Sed Non Audiunt, Ergo Lartus - (Jean-Croix)
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca: https://www.cacert.org/index.php?id=3
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
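Added example, not part of the original thread and not the site's code: a Python/sqlite3 stand-in for the PHP/MySQL page, showing how an unsanitised `poll_id` produces the echoed query above and how validation plus a bound parameter avoids it. It assumes, from the echoed SQL, that the parameter is appended to the query string unquoted; all function names and the sample row are constructed.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the poll database (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE polls (poll_id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO polls VALUES (50150, 'constructed sample poll')")
    return db

def build_query_unsafe(poll_id):
    # Assumed pattern: the raw request parameter is appended to the SQL text.
    return "SELECT * FROM polls WHERE poll_id=" + poll_id

def view_results_unsafe(db, poll_id):
    """Concatenates input into SQL and echoes the database error to the client."""
    sql = build_query_unsafe(poll_id)
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # Leaks the query text and engine error, as in the quoted response.
        return "Database error: Invalid SQL: %s (%s)" % (sql, exc)

def view_results_safe(db, poll_id):
    """Validates the id, binds it as a parameter, and keeps errors generic."""
    if not (poll_id.isascii() and poll_id.isdigit()):
        return "Invalid poll id."  # no SQL or engine detail reaches the client
    try:
        cur = db.execute("SELECT * FROM polls WHERE poll_id = ?", (int(poll_id),))
        return cur.fetchall()
    except sqlite3.Error:
        return "Internal error."  # details belong in a server-side log only

if __name__ == "__main__":
    db = make_db()
    for value in ("50150", "'50150"):  # second value is the one from the thread
        print(repr(value), "unsafe ->", view_results_unsafe(db, value))
        print(repr(value), "safe   ->", view_results_safe(db, value))
```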