Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Enthusiast 3 (Enth3) SQL Injection
Posted by: unsticky
Date: January 22, 2007 02:12PM

Because Securiteam, Secunia, and SecurityTracker have all chosen to ignore me, I'll just be releasing my find here.

Software: Enthusiast 3
Description: Enthusiast 3 (Enth3) is a full-featured, linkware multiple listing management system.
Vendor URL: http://scripts.indisguise.org/
Versions: 3[.?]
Google Dork: "Powered by Enthusiast 3" inurl:"?cat="
Example URL:
http://[site.com]/[script].php?cat=1%20OR%201%3D1

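Added illustration, not part of the original post and not Enthusiast 3's own code: a Python/SQLite stand-in showing why the `cat=1%20OR%201%3D1` URL above changes the query when the parameter is concatenated into a numeric comparison, beside an integer check with a bound parameter that stops it. The table, the function names, the host and the concatenation pattern itself are assumptions, since the post does not show the script's query.

```python
import sqlite3
from urllib.parse import parse_qs, urlsplit


def make_db():
    """Constructed sample data; hypothetical schema, not Enthusiast 3's."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE listings (id INTEGER PRIMARY KEY, cat INTEGER, title TEXT)")
    db.executemany(
        "INSERT INTO listings (cat, title) VALUES (?, ?)",
        [(1, "Anime"), (1, "Manga"), (2, "Music"), (3, "Unlisted")],
    )
    return db


def cat_from_url(url):
    """Return the URL-decoded cat parameter, as the web layer would hand it over."""
    return parse_qs(urlsplit(url).query)["cat"][0]


def listings_vulnerable(db, cat):
    # Assumed bug pattern: the raw parameter is pasted into a numeric
    # comparison, so "1 OR 1=1" becomes part of the WHERE clause.
    sql = "SELECT title FROM listings WHERE cat = " + cat + " ORDER BY id"
    return [row[0] for row in db.execute(sql)]


def listings_hardened(db, cat):
    # Accept only a plain decimal integer, then bind it as a parameter so
    # the value is never parsed as SQL.
    if not (cat.isascii() and cat.isdigit()):
        raise ValueError("cat must be a non-negative integer")
    sql = "SELECT title FROM listings WHERE cat = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (int(cat),))]


if __name__ == "__main__":
    db = make_db()
    # Constructed URLs; site.example stands in for the [site.com] placeholder.
    for url in ("http://site.example/script.php?cat=1",
                "http://site.example/script.php?cat=1%20OR%201%3D1"):
        cat = cat_from_url(url)
        print(repr(cat), "vulnerable ->", listings_vulnerable(db, cat))
        try:
            print(repr(cat), "hardened   ->", listings_hardened(db, cat))
        except ValueError as exc:
            print(repr(cat), "hardened   -> rejected:", exc)
```
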
Re: Enthusiast 3 (Enth3) SQL Injection
Posted by: rsnake
Date: January 22, 2007 03:34PM

Ouch. I'm surprised they ignored you. Weird.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Enthusiast 3 (Enth3) SQL Injection
Posted by: unsticky
Date: January 22, 2007 04:52PM

Not the first time. Last time they ignored me it was for a Windows XP Home bug...

Re: Enthusiast 3 (Enth3) SQL Injection
Posted by: jungsonn
Date: January 23, 2007 12:06PM

Let me know if you find some in VISTA or IE7 :) but don't give it away; sell it. Seems to be worth a big number of bucks.
