[37739] in bugtraq


iwebnegar is vulnerable to all kinds of SQL injections

daemon@ATHENA.MIT.EDU (shervin khaleghjou)
Wed Dec 15 16:07:08 2004

Date: 15 Dec 2004 15:28:53 -0000
Message-ID: <20041215152853.4975.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: shervin khaleghjou <oil_karchack@yahoo.com>
To: bugtraq@securityfocus.com



----------------www.karchack.com----------------
----------------www.karchack.net----------------
description:
iwebnegar is a Farsi weblog software written in PHP
http://iwebnegar.co.sr

---------

vulnerabilities:
all files seem to be vulnerable, such as comments.php, index.php and also the administrator login page
-------------

proof of concept:
for example, you can use this link to inject the SQL server
http://site/weblog/index.php?string=[sql injection code]
----------------


www.karchack.com
www.karchack.net
