Bugtraq mailing list archives
SIMPLOG 0.9.3 injection sql & multiple xss
From: saps.audit () gmail com
Date: 3 Nov 2006 18:18:58 -0000
[[ SIMPLOG 0.9.3 ]] cms website : http://www.simplog.org/ xss: [*] Administration Panel - user.php *Name *URL *Email *API Key *Flickr Email *Flickr Password - news.php *URL - edit.php *Title *Entry *Manual TrackBack => risk very low [*] SimpLog User Part simplog/archive.php?blogid=1&pid=</textarea>'"><script>alert(document.cookie)</script> => risk low Sql injections : simplog/archive.php?blogid= simplog/archive.php?blogid=1&pid= simplog/index.php?blogid= => risk high Global risk for this cms: medium Benjamin Mossé & Laurent Gaffié http://s-a-p.ca/
Current thread:
- SIMPLOG 0.9.3 injection sql & multiple xss saps . audit (Nov 03)