[Full-Disclosure] Re: Re: Confixx 2.0.xx SQL_Injections and reading MySQL Root-PW
From: <checker@mail.krefeld.schulen.net>
Date: Wed Mar 10 2004 - 09:52:53 EST
Date: Wed Mar 10 2004 - 09:52:53 EST
In the year 2003 I've successfully tested the following exploit on the
sw-soft confixx demoversion
i am sure - it still works on many servers.
The php safemode is not really a protection against this bug because
there a several possibilities to skip safemode (e.g. "date -f /etc/passwd").
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Wed Mar 10 11:29:44 2004
This archive was generated by hypermail 2.1.8 : Wed Mar 10 2004 - 12:02:55 EST
Custom Search
