[41509] in bugtraq


Blog System v1.2 Multiple SQL Injection Vulnerabilities

daemon@ATHENA.MIT.EDU (vipsta@gmail.com)
Mon Dec 5 17:39:54 2005

Date: 5 Dec 2005 20:58:17 -0000
Message-ID: <20051205205817.16315.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: vipsta@gmail.com
To: bugtraq@securityfocus.com

Blog System v1.2 (http://www.netartmedia.net/blogsystem/)
contains 2 SQL injection vulnerabilities caused by a failure to correctly sanitize SQL parameters.

http://[HOST]/index.php?mode=home&cat=-99[SQL CODE]

http://[HOST]/blog.php?user=[USER]&note=-99[SQL CODE]
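
A detection sketch for the two parameters named above, added here as an example and not part of the original advisory or of Blog System: it scans web access log lines for requests to index.php or blog.php whose cat or note value is not a plain integer. The combined log format, the assumption that legitimate ids are non-negative integers, and the sample log lines are all constructed for illustration.

```python
import posixpath
import re
from urllib.parse import urlsplit, parse_qs

# Script name -> parameter the advisory reports as injectable.
WATCHED = {"index.php": "cat", "blog.php": "note"}

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Assumption: a legitimate category or note id is a short non-negative integer.
INT_RE = re.compile(r"\d{1,10}")

def suspicious_params(line):
    """Return [(script, param, decoded_value)] for watched values that are not plain integers."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    # Match on the file name so installs in a subdirectory are covered too.
    script = posixpath.basename(url.path)
    param = WATCHED.get(script)
    if param is None:
        return []
    # parse_qs percent-decodes values, so encoded input is checked in decoded form.
    # keep_blank_values=True also reports an empty value, which is not a valid id.
    values = parse_qs(url.query, keep_blank_values=True).get(param, [])
    return [(script, param, v) for v in values if not INT_RE.fullmatch(v)]

def scan(lines):
    """Return [(line_number, script, param, value)] for every flagged request."""
    hits = []
    for n, line in enumerate(lines, start=1):
        hits.extend((n, *hit) for hit in suspicious_params(line))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up requests).
SAMPLE_LOG = [
    '203.0.113.5 - - [05/Dec/2005:20:58:17 +0000] "GET /index.php?mode=home&cat=3 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [05/Dec/2005:21:02:40 +0000] "GET /index.php?mode=home&cat=-99%20OR%201=1 HTTP/1.1" 200 812',
    '203.0.113.9 - - [05/Dec/2005:21:02:44 +0000] "GET /blog/blog.php?user=alice&note=-99%27 HTTP/1.1" 200 640',
    '198.51.100.7 - - [05/Dec/2005:21:05:01 +0000] "GET /blog.php?user=bob&note=12 HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for lineno, script, param, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: {script} {param}={value!r}")
```

The same integer-only rule, applied in the application before the value reaches a query, is the input check whose absence the advisory reports.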


