2
Well Vaughan from ImpressCMS, if that is even your real name.. I don't know I have been reading reports that someone is trying to funnel even my donation to Xoops.org from xoops... Thats why I am friend with xoops..
Well i tryed your vunrability and several other and all they seem to produce is a blank page on the cms...
Hey everyone try it on my development server
http://www.unseen.org.au/modules/xtorrent/viewcat.php?cid=1%20un_ion%20select%20uname,null,null,null,null,null%20from%20xoops_users%20where%20uid=1
Wouldn't if you are from ImpressCMS like your email states, with this link, already have a username on xoops? Or be on of the banned people.
All it seems to do is produce a blank result.. It doesn't display anything?>?
Your a script kiddy congradulations. I have been programming for 20 years, more or less in the compilers not scripting languages like PHP.. And SQL injestion is something that exist in most libraries, somehow the other side of the system will counter for it, like the need for a smarty variable to display the data or a textbox... If this doesn't exist then it not a problem..
If you want to get involved with the x-torrent project then do so -- make an application at
http://www.sourceforge.org/project/x-Torrent/ but otherwise, don't contact me again thank Vaughan
Btw, you still haven't answer my question.. That if this was such a problem why do poeple do URL paths like this:
http://www.bankfees.net.au/forums/Credit_Unions/Credit_Unions/
or
http://www.bankfees.net.au/forums/Credit_Unions
and so on.
www.ohloh.net/accounts/226400
Follow, Like & Read:-
twitter.com/RegaltyFamily
github.com/Chronolabs-Cooperative
facebook.com/DrAntonyRoberts