Hosting Provided By

Re: dvddb-0.6 media sql-inj. vuln.

From: <james(at)globalmegacorp.org>
Date: Tue Oct 02 2007 - 15:28:19 EDT

This exploit is incorrect. There is no SQL injection attack here. The $user variable is sanitized prior to passing to the function in common.php, and calling the file directly does nothing because it's just a function definition. Received on Tue Oct 2 16:52:15 2007

This message: [ Message body ]
Next message: Noah Meyerhans: "[SECURITY] [DSA 1379-1] New openssl packages fix arbitrary code execution"
Previous message: ascii: "Original Photo Gallery Remote Command Execution"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 06:18:51 EDT