mailing list archives
Re: Re: Confixx 2.0.xx SQL_Injections and reading MySQL Root-PW
From: checker () mail krefeld schulen net
Date: 10 Mar 2004 14:52:53 -0000
In the year 2003 I've successfully tested the following exploit on the
sw-soft confixx demoversion
i am sure - it still works on many servers.
The php safemode is not really a protection against this bug because
there a several possibilities to skip safemode (e.g. "date -f /etc/passwd").
Full-Disclosure - We believe in it.