关于MySQL的SQL Column Truncation Vulnerabilities
作者:axis
Stefan Esser今天写了篇很棒的文章,提到了关于MySQL里的两个缺陷
http://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities
1. max_packet_size 的问题
2. SQL Column Truncation 攻击
我测试了第二个。
阅读全文 »
标签 ‘Vulnerability’ 下的日志
WordPress 2.6.1 SQL Column Truncation Vulnerability
用wordpress的要注意了,不过拿我这里测试就没效果了,我从一开始就是关闭用户注册的。
# WordPress 2.6.1 SQL Column Truncation Vulnerability (PoC)
#
# found by irk4z[at]yahoo.pl
# homepage: http://irk4z.wordpress.com/
#
# this is not critical vuln [;
#
# first, read this discovery:
# http://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/
#
# in this hack we can remote change admin password, if registration enabled
#
# greets: Stefan Esser, Lukasz Pilorz, cOndemned, tbh, sid.psycho, str0ke and all fiends
阅读全文 »
Google Chrome Browser 0.2.149.27 malicious link DoS Vulnerability
—————————————————
Software:
Google Chrome Browser 0.2.149.27
Tested:
Windows XP Professional SP3
Result:
Google Chrome Crashes with All Tabs
阅读全文 »
[Advisory Update]Adobe Reader/Acrobat Remote Vul
[UPDATE]Adobe Reader/Acrobat Remote PDF Print Silently Vulnerability
by cocoruder([email protected])
http://ruder.cdut.net, updated on 2008.05.06
Summary:
A design error vulnerability exists in Adobe Reader and Adobe Acrobat Professional. A remote attacker who successfully exploit this vulnerability can control the printer without user’s permission.
Affected Software Versions:
Adobe Reader 8.1.1 and earlier versions
Adobe Acrobat Professional, 3D and Standard 8.1.1 and earlier versions
Details:
This vulnerablity due to the design error of the javascript fucntion “DOC.print()”, following are the annotates of the function in Adobe’s Javascript API Reference(named “js_api_reference.pdf”):
Tags: Adobe, Adobe Acrobat Reader, Adobe Reader, Advisory, Vulnerabilitydedecms v5.1 WriteBookText() code injection vul
来源:Ph4nt0m Google Group
by [email protected]
QQ:378367942
\include\inc_bookfunctions.php
—————————————————
……
function WriteBookText($cid,$body)
{ 阅读全文 »
OBlog Sql Injection Vulnerability
官方已经修正该漏洞。
–==+=================== www.nspcn.org =================+==–
–==+ OBlog (tags.asp) Remote SQL Injection Exploit +==–
–==+====================================================================================+==–
#Author: Whytt & Tr4c3[at]126[dot]com
#版权所有:http://www.nspcn.org & [BK瞬间群] & Whytt
#漏洞文件tags.asp
阅读全文 »
[Advisory]Adobe Flash CS3 Pro FLA Parsing Vuls
by cocoruder([email protected])
http://ruder.cdut.net
Summary:
More than three local code execute vulnerabilities exist in Adobe Flash CS3 Professional while it is parsing FLA files. An attacker who successfully exploit these vulnerabilities can run arbitrary code on the affected system.
Affected Software Versions:
Adobe Flash CS3 Professional 9.0
阅读全文 »
BBSxp 2008 (Build: 8.0.4) Sql Injection Vulnerability
============================================
首发http://www.nspcn.org ,转载请保留此处版权
============================================
漏洞发布:Tr4c3[at]126[dot]Com
影响版本 BBSxp 2008 (Build: 8.0.4)其他版本未看
漏洞文件:MoveThread.asp
MoveThread.asp行2-24
阅读全文 »
