7699 matches found
Blog System 1.x - 'index.php?news_id' SQL Injection
BlogSite Professional SQL Injection Vulnerability AUTHOR: t0pP8uZz & xprog SITE: N/A DORK:...
Blog System 1.x (index.php news_id) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Blog System 1.x index.php news_id Remote SQL Injection Vulnerability...
GeoBlog MOD_1.0 - 'deleteblog.php?id' Arbitrary Blog Deletion
source: https://www.securityfocus.com/bid/24966/info geoBlog is prone to multiple security-bypass vulnerabilities because the application fails to properly validate users when deleting user blogs and comments. An attacker may exploit these issues to delete blogs and comments regardless of the...
Insanely simple blog - Multiple vulnerabilities
Insanely simple blog version 0.5 and below http://sourceforge.net/projects/insanelysimple2 ISB contains multiple vulnerabilities including both XSS, and SQL injection. First off, the search action fails to strip user content for html allowing a user to input tags. Next, anonymous blog entries can...
GeoBlog MOD_1.0 - deleteblog.php?id Arbitrary Blog Deletion
GeoBlog MOD_1.0 - deleteblog.php?id Arbitrary Blog Deletion source: https://www.securityfocus.com/bid/24966/info geoBlog is prone to multiple security-bypass vulnerabilities because the application fails to properly validate users when deleting user blogs and comments. An attacker may exploit thes...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the search action, possibly related to the term parameter to index.php; or (2) an anonymous blog entry, possibly involving the (a) posted_by, (b)...
CVE-2007-3889
Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the current_subsection parameter to index.php and other unspecified vectors...
CVE-2007-3888
Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the search action, possibly related to the term parameter to index.php; or (2) an anonymous blog entry, possibly involving the (a) posted_by, (b)...
CVE-2007-3888
CVE-2007-3888 affects Insanely Simple Blog 0.5 and earlier, with multiple XSS vulnerabilities. The issue is exploitable via (1) the search action, potentially related to the term parameter to index.php, and (2) an anonymous blog entry, possibly involving posted_by, subject, and content parameters...
CVE-2007-3889
Affected: Insanely Simple Blog 0.5 and earlier. Vulnerability: multiple SQL injection weaknesses allowing remote attackers to execute arbitrary SQL commands via the current_subsection parameter to index.php and other unspecified vectors. Root cause: improper input handling enabling injection. Imp...
isb05-sql.txt
Insanely simple blog version 0.5 and below http://sourceforge.net/projects/insanelysimple2 ISB contains multiple vulnerabilities including both XSS, and SQL injection. First off, the search action fails to strip user content for html allowing a user to input tags. Next, anonymous blog entries can...
SQL injection
SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows remote attackers to execute arbitrary SQL commands via the katID parameter...
CVE-2007-3824
SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows remote attackers to execute arbitrary SQL commands via the katID parameter...
CVE-2007-3824
The CVE-2007-3824 entry concerns a SQL injection in the MzK Blog (tr) web app, specifically the katgoster.asp component. The vulnerability is exploitable via the katID parameter, enabling remote attackers to execute arbitrary SQL commands. According to the provided data, the CVSS v2 base score is...
Insanely Simple Blog 0.4/0.5 - 'index.php' SQL Injection
source: https://www.securityfocus.com/bid/24934/info Insanely Simple Blog is prone to multiple input-validation vulnerabilities, including cross-site scripting, HTML-injection, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. Exploiting these issue...
Insanely Simple Blog 0.4/0.5 - Cross-Site Scripting
Insanely Simple Blog 0.4/0.5 - Cross-Site Scripting source: https://www.securityfocus.com/bid/24934/info Insanely Simple Blog is prone to multiple input-validation vulnerabilities, including cross-site scripting, HTML-injection, and SQL-injection issues, because the application fails to properly...
mzkblog-sql.txt
MzK Blog tr SQL Injection Vuln Software: MzK Blog tr download: http://www.aspindir.com/goster/5013 demo: http://www.karahanbilgisayar.com/blog/ Found By: GeFORC3 | G3 Exploit: http://site.com/scriptpath/katgoster.asp?katID=-1+union+select+0,kullaniciadi,2,3,4,5,6,7+from+admin...