Monday, July 10, 2006

 

PluggedOut Blog SQL INJECTION and XSS

PluggedOut Blog is an open source script you can run on your web server to give
you an online multi-user journal or diary.
It can be used equally well for any kind of calendar application. Rather than
give you a thousand things you don't really want ...
PluggedOut Blog : http://www.pluggedout.com/

Credit:
The information has been provided by Hamid Ebadi (Hamid Network Security Team):
admin@hamid.ir
The original article can be found at:
http://hamid.ir/security/

Vulnerable Systems:
PluggedOut Blog version 1.9.9c (2006-01-13)

Example:
The following URL can be used to trigger an SQL injection vulnerability in exec.php:
http://[PluggedOut Blog]/exec.php?action=comment_add&entryid=[SQL INJECTION]

and the following URL triggers XSS in problem.php:
http://[PluggedOut Blog]/problem.php?id=1&data=>script<alert('Hamid Network Security Team --> http://hamid.ir');alert(document.cookie)>/script<
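
One way to close both issues on the server side, as an added example that is not taken from the advisory or from PluggedOut Blog's source. The function names, the `comments` table and its columns are assumptions; only the `entryid` and `data` parameters come from the URLs above.

```php
<?php
// Added example: hypothetical handlers, not PluggedOut Blog code.
// Table and column names (comments, entry_id, body) are assumptions.

// comment_add: entryid must be a positive integer and is bound as a
// parameter, so request input never becomes part of the SQL text.
function comment_add(PDO $db, $entryidRaw, string $body): bool
{
    $entryid = filter_var($entryidRaw, FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 1]]);
    if ($entryid === false) {
        return false; // reject anything that is not a plain integer id
    }
    $stmt = $db->prepare(
        'INSERT INTO comments (entry_id, body) VALUES (:id, :body)'
    );
    $stmt->bindValue(':id', $entryid, PDO::PARAM_INT);
    $stmt->bindValue(':body', $body, PDO::PARAM_STR);
    return $stmt->execute();
}

// problem.php output: encode the reflected "data" value for an HTML
// text context before it is written into the page.
function render_problem(string $data): string
{
    $safe = htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Problem: ' . $safe . '</p>';
}

// Constructed demo on an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (entry_id INTEGER NOT NULL, body TEXT NOT NULL)');

// A well-formed id is stored; a non-integer id is refused before any query runs.
var_dump(comment_add($db, '1', 'nice post'));
var_dump(comment_add($db, '1 OR 1=1', 'constructed non-integer input'));
var_dump((int) $db->query('SELECT COUNT(*) FROM comments')->fetchColumn());

// Markup in the reflected value is rendered as text, not as HTML.
echo render_problem('<b>constructed</b> "quoted" value'), "\n";
```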

