[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] www.Demolay.org - full disclosure sql injection vulnerability
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] www.Demolay.org - full disclosure sql injection vulnerability
- From: Malice Anonymous <malice.anon@xxxxxxxxx>
- Date: Thu, 8 Apr 2010 14:15:49 -0400
Vulnerable URL
/d_wnl_ads/?did=14&dc=1&gid=28
Users:
demolaymain
demolaystore
phpmyadmin
root
Tables from DEMOLAY database
ADVISOR_TYPE......WORK_GROUP_PERMISSION (75 tables)
This ought to be fixed, SWIM tells me there's tons of personal stuff in
these tables.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/