Lucene search
K

10 matches found

seebug.org
seebug.org
added 2014/07/01 12:0 a.m.7 views

LxBlog Multiple Cross Site Scripting and SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/35071/info LxBlog is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker ...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2013/04/18 12:0 a.m.19 views

LxBlog 6.0 /mod/ajax_mod.php SQL注入漏洞

...

7.1AI score
Exploits0
myhack58
myhack58
added 2013/04/09 12:0 a.m.30 views

Lxblog blog system variables cover the resulting injection+Getshell attached to the use of the exp-bug warning-the black bar safety net

Nonsense: lxblog is www. phpwind. net development of multi-blog system, now seems to have stopped updating! Statement: We only do the technical research, please do not illegally used, together with consequences with himself, independent of it! Text: Key file:/mod/ajaxmod.php if ! empty$POST $POST...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2009/05/25 12:0 a.m.106 views

LxBlog

Securitylab.ir Application Info: Name: LxBlog Website: http://www.lxblog.net Discoverd By: Securitylab.ir Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Vulnerability Info: Type: Sql/Xss Risk: Medium =========================================================...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2009/05/24 12:0 a.m.14 views

LxBlog XSS / SQL Injection

Securitylab.ir Application Info: Name: LxBlog Website: http://www.lxblog.net Discoverd By: Securitylab.ir Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Vulnerability Info: Type: Sql/Xss Risk: Medium =========================================================...

0.5AI score
Exploits0
exploitpack
exploitpack
added 2009/05/22 12:0 a.m.13 views

LxBlog - Multiple Cross-Site Scripting SQL Injections

LxBlog - Multiple Cross-Site Scripting SQL Injections source: https://www.securityfocus.com/bid/35071/info LxBlog is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues coul...

Exploits0
Exploit DB
Exploit DB
added 2009/05/22 12:0 a.m.15 views

LxBlog - Multiple Cross-Site Scripting / SQL Injections

source: https://www.securityfocus.com/bid/35071/info LxBlog is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authenticati...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2009/03/17 12:0 a.m.20 views

LxBlog V6变量未初始化漏洞

Lxblog 是 PHPWind 开发的一套基于 PHP+MySQL 数据库平台架构的多用户博客系统,强调整站与用户个体间的交互,拥有强大的个人主页系统、独立的二级域名体系、灵活的用户模板系统、丰富的朋友圈和相册功 能。但是该blog系统在安全性上并不让人满意,本文就来分析lxblog一个变量未初始化造成的sql注入漏洞。 LxBlog V6 在数据库查询语句前面将变量$itemtype赋值为指定的数组就可以了。 =======================poc==================================...

7.1AI score
Exploits0
myhack58
myhack58
added 2009/03/17 12:0 a.m.21 views

Analysis of LxBlog V6 variable is not initialized vulnerability-vulnerability warning-the black bar safety net

Flyh4t http://bbs.wolvez.org This article has been published in the hacker line of Defense,reproduced please signature Lxblog is PHPWind development of a based on PHP+MySQL database platform architecture a multi-user blog system, the emphasis of the whole Station and the user inter-individual...

7.8AI score
Exploits0
seebug.org
seebug.org
added 2008/01/17 12:0 a.m.22 views

lxblog rss.php爆路径

$cid=int$GET'cid'; $uid=int$GET'uid'; $Rssnewnum=20; $Rsslistnum=20; $Rssupdatetime=10; $cachepath=DP.'data/cache/rss.php'.$cid.'cache.php'; lxblog 暂无 www.lxblog.net/ http://www.XXXX.com/blog/rss.php?cid=12345 http://www.XXXX.com/blog/data/cache/rss.php12345cache.php...

7.1AI score
Exploits0
Rows per page
Query Builder