[VIM] dvdwolf SQL injection/XSS (fwd)
security curmudgeon
jericho at attrition.org
Mon Jul 24 22:04:56 EDT 2006
This appears to be site-specific, for dvdwolf.com.
Google search shows these exact path/scripts in relation to it:
Google Directory - Arts > Movies > Titles > S > Shaolin Soccer
DVDWolf.com - Shaolin Soccor -
http://www.dvdwolf.com/templates/dsp_movie.php?u_movieid=73625 Positive
review of the upcoming release from Miramax. ...
www.google.com/Top/Arts/Movies/Titles/S/Shaolin_Soccer/
Everything Tarantino | Kill Bill 2 DVD Coming In August
http://www.dvdwolf.com/templates/dsp_movie.php?u_movieid=74031. But I
agree with the majority opinion: I'm gonna suck it in til I get the boxed
set. ...
www.everythingtarantino.com/data/2004/0519-203156.shtml
---------- Forwarded message ----------
From: CrAzY.CrAcKeR at hotmail.com
To: bugtraq at securityfocus.com
Date: 16 Jun 2006 14:16:33 -0000
Subject: dvdwolf SQL injection/XSS
=============================================
Discovered By: CrAzY CrAcKeR
Site:www.alshmokh.com
I want to thank my friends:-
nono225-mHOn-rageh-Lover Hacker-Breeeeh
BoNy_m-Rootshill-LiNuX_rOOt-Sw33t h4ck3r
=============================================
Example:-
/templates/dsp_movie.php?u_movieid=[SQL]
/templates/dsp_movie.php?u_movieid=[XSS]
===================================
Email: CrAzY.CrAcKeR(at)hotmail(dot)com