Re: SQL Injection in saphp "showcat.php"

To: Sw33t.h4cK3r@xxxxxxxxxxx
Subject: Re: SQL Injection in saphp "showcat.php"
From: security curmudgeon <jericho@xxxxxxxxxxxxx>
Date: Sun, 2 Dec 2007 04:07:27 +0000 (UTC)
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20070704070928.24613.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20070704070928.24613.qmail@xxxxxxxxxxxxxxxxx>

: Discovery by :- Sw33t h4cK3r
: powered by : saphp
: ----------------------------
: 
: Exploit :
: http://Example.com/story/showcat.php?forumid=[SQL]

Discovered 2005-10-24
http://archives.neohapsis.com/archives/bugtraq/2005-10/0275.html

Discovered 2006-04-12
http://archives.neohapsis.com/archives/bugtraq/2006-04/0262.html

References:
- SQL Injection in saphp "showcat.php"
  - From: Sw33t . h4cK3r

Prev by Date: [SECURITY] [DSA 1418-1] New cacti packages fix SQL injection
Next by Date: [WhitePaper (SecNiche)] Information Prone LDAP Garbage Dumps
Previous by thread: SQL Injection in saphp "showcat.php"
Next by thread: Fujitsu-Siemens ServerView Remote Command Execution
Index(es):
- Date
- Thread