rssagg-sql.txt

`----------------  
*RSS-aggregator*  
----------------  
  
Informations :  
**************   
Langage : PHP  
Version : 1.0  
Website : http://www.rss-aggregator.com  
Problems : Multiple vulnerabilities  
  
  
Description:  
************  
RSS-aggregator is a tool, for Webmaster, allowing to display several feeds RSS on a single page.   
  
Details :  
*********  
-----------------  
**SQL injection**  
-----------------  
Multiple sql injections:  
http://localhost/admin/fonctions/supprimer_flux.php?IdFlux=[SQL injection]  
http://localhost/admin/fonctions/supprimer_tag.php?IdTag=[SQL injection]  
  
------------------------------  
** Access to admin functions**  
------------------------------  
We can easily access to all admin functions directly from files in /admin/fonctions/ directory.  
  
Examples:  
http://localhost/admin/fonctions/supprimer_flux.php?IdFlux=5  
http://localhost/admin/fonctions/modifier_tps_rafraich.php?TpsRafraich=500  
  
  
  
Credits:  
********  
Autor : Sylvain THUAL   
E-mail : [email protected]  
Website : http://www.click-internet.fr  
  
  
`