3 matches found
Analysis of the LxBlog V6 uninitialized variable vulnerability - vulnerability warning - the black bar safety net
Flyh4t http://bbs.wolvez.org This article has been published in the hacker line of Defense; please credit the author when reproducing it. Lxblog is a multi-user blog system developed by PHPWind on a PHP+MySQL database platform architecture, with an emphasis on the whole site and the individual user...
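LxBlog V6 uninitialized variable vulnerability
Lxblog is a multi-user blog system developed by PHPWind on a PHP+MySQL database platform architecture. It emphasizes interaction between the whole site and individual users, and offers a powerful personal homepage system, an independent second-level domain system, a flexible user template system, and rich friend-circle and photo album features. However, the security of this blog system is not satisfactory, and this article analyzes an SQL injection vulnerability in lxblog caused by an uninitialized variable. LxBlog V6 It is enough to assign the variable $itemtype to the specified array before the database query statement. =======================poc==================================...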
CVE-2006-3010
Multiple SQL injection vulnerabilities in Open Business Management (OBM) 1.0.3 pl1 allow remote attackers to execute arbitrary SQL commands via the (1) neworder and (2) orderdir parameters to (a) index.php, (b) group/groupindex.php, (c) user/userindex.php, (d) list/listindex.php, and (e) company/companyindex.php...