MyBloggie index.php Multiple Variable SQL Injection

2007-05-31T00:00:00
ID OSVDB:38345
Type osvdb
Reporter OSVDB
Modified 2007-05-31T00:00:00

Description

Manual Testing Notes

http://[target]/[path]/index.php?mode=viewuser&cat_id=' http://[target]/[path]/index.php?mode=viewuser&month_no=4&year="

References:

Vendor URL: http://mybloggie.mywebland.com/ Other Advisory URL: http://securityreason.com/securityalert/2769 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-05/0428.html ISS X-Force ID: 34627 CVE-2007-3003 Bugtraq ID: 24249