[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] SQL Injection on http://www.salk.edu/events/index.php?id=150

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] SQL Injection on http://www.salk.edu/events/index.php?id=150
From: Madhur Ahuja <ahuja.madhur@xxxxxxxxx>
Date: Tue, 26 Jul 2011 12:04:57 +0530

Retreived data using Sqlmap:

Public Database: salkpublicweb2

Tables:

[5 tables]
+----------+
| category |
| faculty  |
| page     |
| users    |
| video    |
+----------+

The users table contains around 80 username and password entries which
can be easily retrieved.

Madhur

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [SECURITY] [DSA 2285-1] mapserver security update
Next by Date: [Full-disclosure] Google.com - Open Redirect
Previous by thread: [Full-disclosure] [SECURITY] [DSA 2285-1] mapserver security update
Next by thread: [Full-disclosure] Google.com - Open Redirect
Index(es):
- Date
- Thread