10 matches found
LxBlog Multiple Cross Site Scripting and SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/35071/info LxBlog is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker ...
LxBlog 6.0 /mod/ajax_mod.php SQL Injection Vulnerability
...
LxBlog blog system: variable overwrite leading to injection + Getshell, with exp attached - bug warning - the black bar safety net
Preamble: lxblog is a multi-blog system developed by www.phpwind.net, and it now seems to have stopped being updated! Statement: We only do technical research; please do not use this illegally. Any consequences are your own responsibility and have nothing to do with us! Text: Key file:/mod/ajaxmod.php if ! empty$POST $POST...
LxBlog
Securitylab.ir Application Info: Name: LxBlog Website: http://www.lxblog.net Discovered By: Securitylab.ir Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Vulnerability Info: Type: Sql/Xss Risk: Medium =========================================================...
LxBlog XSS / SQL Injection
Securitylab.ir Application Info: Name: LxBlog Website: http://www.lxblog.net Discovered By: Securitylab.ir Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Vulnerability Info: Type: Sql/Xss Risk: Medium =========================================================...
LxBlog - Multiple Cross-Site Scripting SQL Injections
LxBlog - Multiple Cross-Site Scripting SQL Injections source: https://www.securityfocus.com/bid/35071/info LxBlog is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues coul...
LxBlog - Multiple Cross-Site Scripting / SQL Injections
source: https://www.securityfocus.com/bid/35071/info LxBlog is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authenticati...
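LxBlog V6 Uninitialized Variable Vulnerability
Lxblog is a multi-user blog system developed by PHPWind on a PHP+MySQL database platform architecture. It emphasizes interaction between the site as a whole and individual users, and offers a powerful personal homepage system, an independent second-level domain system, a flexible user template system, and rich friend-circle and photo album features. However, the security of this blog system is not satisfactory; this article analyzes an SQL injection vulnerability in lxblog caused by an uninitialized variable. LxBlog V6 Assigning the variable $itemtype a specified array before the database query statement is sufficient. =======================poc==================================...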
Analysis of the LxBlog V6 uninitialized variable vulnerability - vulnerability warning - the black bar safety net
Flyh4t http://bbs.wolvez.org This article has been published in the Hacker Line of Defense; please credit the author when reproducing it. Lxblog is a multi-user blog system developed by PHPWind on a PHP+MySQL database platform architecture, emphasizing the whole site and individual users...
lxblog rss.php Path Disclosure
$cid=(int)$_GET['cid']; $uid=(int)$_GET['uid']; $Rssnewnum=20; $Rsslistnum=20; $Rssupdatetime=10; $cachepath=DP.'data/cache/rss.php'.$cid.'cache.php'; lxblog None available www.lxblog.net/ http://www.XXXX.com/blog/rss.php?cid=12345 http://www.XXXX.com/blog/data/cache/rss.php12345cache.php...