blur6ex index.php ID Variable Multiple Action SQL Injection

2006-04-11T18:37:01
ID OSVDB:24684
Type osvdb
Reporter OSVDB
Modified 2006-04-11T18:37:01

Description

Manual Testing Notes

http://[target]/[blur6ex_dir]/index.php?shard=blog&action=g_reply&ID=[SQL] http://[target]/[blur6ex_dir]/index.php?shard=blog&action=g_permaPost&ID=[SQL] http://[target]/[blur6ex_dir]/index.php?shard=content&action=g_viewContent&ID=[SQL]

References:

Related OSVDB ID: 24686 Related OSVDB ID: 24685 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0361.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0250.html Mail List Post: http://attrition.org/pipermail/vim/2006-April/000692.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0205.html CVE-2006-1763 Bugtraq ID: 17465