Nmap Development mailing list archives

Re: Scripts needing @output sections

From: Gutek <ange.gutek () gmail com>
Date: Fri, 02 Apr 2010 09:47:18 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

sql-injection
(test conditions : there *actually* was an SQL inj. on the target.
Vulnerability spotted : http://seclists.org/bugtraq/2010/Mar/53)

PORT   STATE SERVICE
80/tcp open  http
| sql-injection: Host might be vulnerable
| /a_index.php?id_str=1'%20OR%20sqlspider
| /a_index.php?id_str=1'%20OR%20sqlspider
| /a_index.php?id_str=2'%20OR%20sqlspider
| /?id_str=3'%20OR%20sqlspider&gal=1&folder=ozdoby
| /?id_str=3'%20OR%20sqlspider&gal=1&folder=kolczyki+z+koralik%C3%B3w
| /?id_str=3'%20OR%20sqlspider&gal=1&folder=kolczyki+decoupage
| /?id_str=3'%20OR%20sqlspider&gal=1&folder=kolczyki+srebro+-+z%C5%82oto
| /?id_str=3'%20OR%20sqlspider&gal=1&folder=bransolety
| /?id_str=3'%20OR%20sqlspider&gal=1&folder=Inne
| /?id_str=3'%20OR%20sqlspider&gal=1&folder=Brosze+i+broszki
| /?id_str=3'%20OR%20sqlspider&gal=1&folder=Wisiory
| /?id_str=3'%20OR%20sqlspider&gal=1&folder=Obr%C4%85czki
| /?id_str=3'%20OR%20sqlspider&gal=1&folder=Pier%C5%9Bcionki
| /?id_str=3'%20OR%20sqlspider&folder=Wisiory&gal=1&str=1
| /?id_str=3'%20OR%20sqlspider&folder=Wisiory&gal=1&str=2
| /?id_str=3'%20OR%20sqlspider&folder=Wisiory&gal=1&str=3
| /a_index.php?id_str=3'%20OR%20sqlspider
| /?id_str=4'%20OR%20sqlspider&akcja=1
| /?id_str=4'%20OR%20sqlspider&akcja=2
| /a_index.php?id_str=4'%20OR%20sqlspider
| /a_index.php?id_str=5'%20OR%20sqlspider
|_/index.php?id_str=1'%20OR%20sqlspider


realvnc-auth-bypass

PORT     STATE SERVICE VERSION
5900/tcp open  vnc     VNC (protocol 3.8)
|_realvnc-auth-bypass: Vulnerable

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAku1oQYACgkQ3aDTTO0ha7gcLQCfbus6TdYVTKR5zHODFr0buTpq
fzsAn2VT8LH4YpjgMwqfe+Js+K+2sIgO
=Y1BV
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Re: Scripts needing @output sections Gutek (Apr 02)
- <Possible follow-ups>
- Re: Scripts needing @output sections Gutek (Apr 10)
- Re: Scripts needing @output sections David Fifield (Apr 12)