sla.ckers.org is ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
fantasticcontraption.com sql injection
Posted by: stef4o
Date: August 12, 2008 01:03PM

well here's what i've got
http://fantasticcontraption.com/retrieveLevel.php
vulnerable post parameter "id"
another post parameter that might be used "loadDesign=1"
i'm too lazy to exploit it so i post it here if somebody is interested.
gr33tz.

Re: fantasticcontraption.com sql injection
Posted by: Kyo
Date: August 12, 2008 05:01PM

thanks, but this belongs in the full disclosure department
