policosmos
Posted July 12, 2007

Quote from: agentsteal on July 08, 2007, 01:46:43 PM

Okay yeah now I'm positive this is exploitable it definitely needs to be fixed...

http://www.policosmos.com/mail.php?delete=211 UNION ALL SELECT password FROM users

How is that query exploitable? When I run it, all it outputs is what it should. Or am I not seeing the result?

No all that page does is prove that there's a "users" table and that the column is "password". To actually get the passwords you need to use blind sql fishing, where you query the database one character at a time. But I didn't think you'd want me to do that...

http://www.policosmos.com/mail.php?delete=211 UNION ALL SELECT password FROM users pretty much definitely means that users could query the db to get the passwords from the users table... so you should just fix it k

K. Just asking. Trying to understand this side of it all.

So ... I just noticed that despite me not having touched the registration script, registrations no longer work. The only thing I did was to upgrade from cPanel 10 to 11. I'm baffled. Everything looks fine in the browser, but it no longer adds users to the DB. WTF.

Nevermind! The developer is an idiot. I changed a table in the DB and forgot to update the reg script. Duh.
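The fix being urged in the exchange above, as an added example that is not part of the original thread or the site's own code: a delete handler that validates the id as an integer, binds it as a parameter, and limits the delete to the logged-in user's mail. The `mail` table, its columns and the `deleteMail` function are assumptions, since the page never shows the source of mail.php; an in-memory SQLite database stands in for the real one.

```php
<?php
// Added example. Schema, column names and function name are hypothetical;
// the thread does not show how mail.php builds its query.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mail (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)');
$db->exec("INSERT INTO mail VALUES (211, 1, 'hello'), (212, 2, 'other user')");

// Vulnerable pattern (shown for contrast only, never executed here):
//   $db->query("SELECT * FROM mail WHERE id = " . $_GET['delete']);
// Everything after the number becomes part of the SQL statement.

function deleteMail(PDO $db, $rawId, int $currentUserId): bool
{
    // 1. Accept only a plain positive integer, so a value with trailing
    //    SQL text is rejected before any query is built.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }

    // 2. Bind the values as parameters so input is never parsed as SQL.
    // 3. Scope the delete to mail owned by the logged-in user.
    $stmt = $db->prepare('DELETE FROM mail WHERE id = :id AND owner_id = :owner');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':owner', $currentUserId, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->rowCount() === 1;
}

// Constructed inputs standing in for $_GET['delete'], run as user 1.
$inputs = [
    '211 UNION ALL SELECT password FROM users', // string from the thread: rejected
    '212',                                      // valid id, another user's mail
    '211',                                      // valid id, own mail
];
foreach ($inputs as $input) {
    var_dump(deleteMail($db, $input, 1));
}
```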