mailing list archives
Re: SQL injection in MODX
From: Brandon Perry <bperry.volatile () gmail com>
Date: Sun, 9 Mar 2014 09:22:25 -0500
1 POST /modx/connectors/lang.js.php HTTP/1.1
2 Host: 192.168.1.70
3 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:26.0)
4 Accept: */*
5 Accept-Language: en-US,en;q=0.5
6 Accept-Encoding: gzip, deflate
7 Referer: http://192.168.1.70/modx/manager/
8 Cookie: PHPSESSID=v2pnqigca0qfr835vimrknh1k0
9 Connection: keep-alive
10 Content-Length: 64
Haven't worked on it at all since the initial look through.
On Sun, Mar 9, 2014 at 5:39 AM, Peter W <pwilhelmsen () kryptoslogic com>wrote:
Thank you for some interesting posts on the Full Disclosure mailing lists.
Your analysis of the bug is very interesting and I would like to
investigate this issue further.
Could you show me what kind of requests you made to trigger the MySQL
Thank for you time.
Best regards, Peter
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Re: SQL injection in MODX Brandon Perry (Mar 09)