5 matches found
CVE-2009-3719
CVE-2009-3719 is an XSS vulnerability in Battle Blog’s comment.asp affecting builds 1.25 and 1.30 build 2. The issue allows remote attackers to inject arbitrary web script or HTML via a comment. Documents identify the vulnerable component (comment.asp) and affected versions but do not provide add...
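WoDig community software: insufficient filtering in Comment.asp leads to an SQL injection vulnerability
In the file comment.asp: OpType=request("type") // line 3 id=request("id") …… if OpType="Support" then // line 10 response.Cookies("comment")("mydate1"&id)=formatdatetime(now,2) conn.execute("update WoSrcRevert set ReSupport=ReSupport+1 where ReID="&id&"") The program does not filter the variable id that is placed into the SQL statement, which leads to the injection vulnerability. WoDig 4.1.2 Vendor patch WoDig ------------...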
SQL injection
SQL injection vulnerability in comment.asp in Battle Blog 1.25 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter...
CVE-2008-2626
SQL injection vulnerability in comment.asp in Battle Blog 1.25 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter...
Battle Blog <= 1.25 (comment.asp) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ...