Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
[Full-disclosure] phpWebSite 0.10.1 Full SQL Injection
From: h4cky0u (h4cky0u.orggmail.com)
Date: Tue Aug 16 2005 - 19:19:50 CDT
phpWebSite 0.10.1 Full SQL Injection
phpWebSite 0.10.1 Full
phpWebSite provides a complete web site content management system.
phpWebSite 0.10.1 full is vulnerable to an sql injection attack. Here
is an example:
DB Error: syntax error
SELECT show_block, block_title FROM mod_search WHERE
module='[sql_injection]' [nativecode=1064 ** You have an error in your
SQL syntax. Check the manual that corresponds to your MySQL server
version for the right syntax to use near ''[sql_injection]'' at line
A simple filter function will do or make the script to accept only
The vendors were contacted but no response received.
This vulnerability was discovered and researched by
matrix_killer of h4cky0u Security Forums.
mail : matrix_k at abv.bg
web : http://www.h4cky0u.org
Greets to all omega-team members + krassswr,EcLiPsE and all who support us !!!
(In)Security at its best...
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/