Re: Re: Invision Gallery 2.0.6 ( SQL Injection )

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Re: Invision Gallery 2.0.6 ( SQL Injection )
From: an0n@xxxxxxxx
Date: 5 May 2006 16:43:18 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

I checked this yesterday night. The pass_hash is well retrieved, but modifying 
the pass_hash and the user id in the cookies (thanks to BurpSuite) does not 
affect the behaviour of the server... I might have done something wrong...

Prev by Date: Intel wireless service s24evmon.exe confidential information disclosure.
Next by Date: phpBB 2.0.20 Full Path Disclosure and SQL Errors
Previous by thread: Re: Invision Gallery 2.0.6 ( SQL Injection )
Next by thread: Oracle, where are the patches???
Index(es):
- Date
- Thread