[VIM] MaxWebPortal acknowledgement - but for what?
security curmudgeon
jericho at attrition.org
Sat May 14 06:09:55 EDT 2005
: : "MaxWebPortal Version 1.36
: :
: : BUGTRAQ:20050511 [HSC Security Group] MaxWebPortal - Multiple SQL
: : injection/XSS
: : MISC:http://www.hackerscenter.com/archive/view.asp?id=2542
: :
: : ... or some other set of issues.
: :
: : Can't find an email POC, either...
and.. correction =)
Three batches on two days. Two batches from one person, the third from a
second researcher.
Apr 27 = big batch of SQL injection
Soroush Dalili from Grayhatz security
SecurityTracker Alert ID: 1013845
article_popular.asp
article_rate.asp
article_toprated.asp
dl_popular.asp
dl_rate.asp
dl_toprated.asp
pic_popular.a sp
pic_rates.asp
pic_toprated.asp
links_popular.asp
links_rate.asp
links_toprated.asp
May 11 = big batch of SQL injection
Soroush Dalili , From Grayhatz security group
SecurityTracker Alert ID: 1013932
inc_top.asp
inc_function.asp
pic_pop_share.asp
pic_pop_share.asp
pm_dele te2.asp
pm_pop_privatesend_info.asp
pm_view.asp?marknew=1
pop_announce_delete.asp
pop_avatar_delete.asp
pop_delete.asp
pop_profile.asp
privatedelete.asp
privatese nd_info.asp
register.asp
May 11 - SQL and XSS
From: Zinho <zinho at hackerscenter.com>
http://www.hackerscenter.com/archive/view.asp?id=2542
post.asp XSS
inc_functions.asp
post_info.asp
search.asp
pop_profile.asp
pm_delete2.asp
More information about the VIM
mailing list