exploit:
a few examples:
1) "HowTo find Administrator Accounts"
+http://shophost.com/cgi-bin/ncommerce3/ExecMacro/orderdspc.d2w/report?order_rn=9+union+select+s
+hlogid+as+mestname,0+from+shopper+where+shshtyp+%3d+'A';
2) "Passwords(crypted)"
On Tue, 6 Feb 2001, Emil Popov wrote:
Any thoughts, fixes, ideas??
The best way is to add 0 to the order_rn before using it. if the
operation passes, the input was an int. If it failed, then it wasnt and
something funky was attempted. This is obviously only going to prevent
munging of
Those look really funny, anyone know the what algorythm is used, i suppose
it's the standard db2 function, but haven't tried that yet.
.. because of the column type this is just a hexadecimal representation ..
you can easily convert it to char ...
3) "Password-Reminders"
Actually these are
hola friends,
while i was participating on the openhack contest
i found a couple of serious security-holes within ibm s
so called "netcommerce" thing which seems to be a mixture of
websphere, net.data, servlets, jsp s and db2?
however..summary:
class: input validation error
remote: yes
local: