7698 matches found
Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability
Open any blog entry 2. Try to reply to any message 3. Push "Preview message" button Do not post your reply 4. Save source code of opened page to your PC 5. Find this string input type='hidden' name='eid' value='BLOGENTRYID' / 6. Change BLOGENTRYID with this SQL Injection: BLOGENTRYID UNION...
CVE-2006-6189
CVE-2006-6189 describes an SQL injection in the web application component displayCalendar.asp of ClickTech Click Blog. The vulnerability allows remote attackers to inject arbitrary SQL commands via the date parameter, leading to potential data exposure or manipulation. The existing connected sou...
CVE-2006-6189
SQL injection vulnerability in displayCalendar.asp in ClickTech Click Blog allows remote attackers to execute arbitrary SQL commands via the date parameter...
Invision Community Blog Mod 1.2.4 - SQL Injection
Open any blog entry 2. Try to reply to any message 3. Push "Preview message" button Do not post your reply 4. Save source code of opened page to your PC 5. Find this string ' / 6. Change with this SQL Injection: UNION SELECT b.entryid, b.blogid, b.categoryid, b.entryauthorid, b.entryauthorname,...
aria-clickblog.txt
Aria-Security Team Advisory ----------------------------------------------------------- Software: Click Blog Method: SQL injection PoC: http://target/displayCalendar.asp?date=SQL Injection Contact: [email protected]...
Clickblog Sql Injection
Aria-Security Team Advisory www.Aria-security.Com For English www.Aria-Security.net For Persian ----------------------------------------------------------- Software: Click Blog Method: SQL injection PoC: http://target/displayCalendar.asp?date=SQL Injection Contact: [email protected]...
CVE-2006-6032
Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter in add_block.php or (2) the entry parameter in index.php, different vectors than CVE-2005-1135. NOTE: this has been...
CVE-2006-6033
Multiple directory traversal vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to read arbitrary files and possibly include arbitrary PHP code via a .. (dot dot) sequence in the blog_theme parameter in (1) index.php, (2) add_cgi.php, (3) add_link.php, (4) login.php, (5)...
CVE-2006-6020
Cross-site scripting (XSS) vulnerability in announce.php in Blog Torrent Preview 0.92 allows remote attackers to inject arbitrary web script or HTML via the left parameter...
CVE-2006-6020
CVE-2006-6020 is an XSS vulnerability in announce.php of Blog Torrent Preview 0.92, exploitable via the left parameter to inject script/HTML. The NVD entry lists a CVSS v2 base score of 6.8 (MEDIUM) with network attack vector and no authentication, affecting confidentiality, integrity, and availa...
CVE-2006-6032
SPHPBlog (Simple PHP Blog) is affected by XSS in CVE-2006-6032. Concrete details from the connected data show vulnerable code paths in SPHPBlog where input is used without proper validation for two parameters: the action parameter in add_block.php and the entry parameter in index.php. The descrip...
CVE-2006-6033
CVE-2006-6033 affects Simple PHP Blog (SPHPBlog), likely version 0.4.8. It enables directory traversal via a .. sequence in the blog_theme parameter in multiple PHP scripts (index.php, add_cgi.php, add_link.php, login.php, template.php, contact.php), allowing remote attackers to read arbitrary fi...
RED Blog => Remote File Include Vulnerability Exploit
No description provided by source.
Odysseus Blog 1.0 - 'blog.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21128/info Odysseus Blog is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in th...
Odysseus Blog 1.0 - blog.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/21128/info Odysseus Blog is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code...
vblog1201-rfi.txt
WwW.Deltahacking.NeT Priv8 Site WwW.Deltahacking.Ir Public Site Portal Name :Vortex Blog AKA vBlog Class = Remote File Inclusion ; Download =http://switch.dl.sourceforge.net/sourceforge/c12/C12a0.1nonfunc.zip Found by = Dr.Pantagon [email protected]...
vBlog C12 0.1 - cfgProgDir Remote File Inclusion
WwW.Deltahacking.NeT Priv8 Site WwW.Deltahacking.Ir Public Site Portal Name :Vortex Blog AKA vBlog Class = Remote File Inclusion ; Download =http://switch.dl.sourceforge.net/sourceforge/c12/C12a0.1nonfunc.zip Found by = Dr.Pantagon...
vBlog / C12 0.1 (cfgProgDir) Remote File Include Vulnerabilities
Exploit for unknown platform in category web applications ================================================================ vBlog / C12 0.1 cfgProgDir Remote File Include Vulnerabilities ================================================================ Portal Name :Vortex Blog AKA vBlog Class =...
vBlog / C12 0.1 - 'cfgProgDir' Remote File Inclusion
WwW.Deltahacking.NeT Priv8 Site WwW.Deltahacking.Ir Public Site Portal Name :Vortex Blog AKA vBlog Class = Remote File Inclusion ; Download =http://switch.dl.sourceforge.net/sourceforge/c12/C12a0.1nonfunc.zip Found by = Dr.Pantagon [email protected]...