Bugtraq mailing list archives
WheatBlog 1.1 RFI/SQL Injection
From: underwater () itdefence ru
Date: 30 Jun 2007 14:52:04 -0000
Found by E.Minaev (underwater () itdefence ru) ITDefence.ru

1) SQL Injection in the login function.

This injection makes it possible to brute-force the table names of the blog's database character by character (magic_quotes_gpc should be turned off).

------------------------------------------
$sql = "select * from $tblUsers where login = '$login'";
if ( $login != $row['login'] ) $valid_user = 0;
if ( $password != $row['password'] ) $valid_user = 0;
------------------------------------------

2) Remote File Inclusion (RFI)

/includes/sessions.php?wb_class_dir=shell?
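A hardened form of the two code paths named above, as an added example that is not part of the original advisory and is not WheatBlog code. The login and password columns follow the advisory's snippet; the users table name, the in-memory SQLite database, the hashed password storage, and the WB_CLASS_DIR / WB_CLASSES names are assumptions made for illustration.

```php
<?php
// Added example, not WheatBlog code. Column names follow the advisory's
// snippet; everything else here is an assumption.

// Constructed sample data: in-memory SQLite stands in for the blog database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (login TEXT PRIMARY KEY, password TEXT)');
$ins = $db->prepare('INSERT INTO users (login, password) VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// The login value is bound as a parameter, so a quote in it is data, not SQL,
// and the query no longer depends on the magic_quotes_gpc setting.
function check_login(PDO $db, string $login, string $password): bool
{
    $stmt = $db->prepare('SELECT login, password FROM users WHERE login = ?');
    $stmt->execute([$login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;               // unknown login
    }
    // Assumption: passwords are stored with password_hash(); the advisory's
    // snippet compares the stored value directly.
    return password_verify($password, $row['password']);
}

// Hypothetical replacement for a request-supplied wb_class_dir: the directory
// is a constant and only allow-listed class files can be resolved.
const WB_CLASS_DIR = __DIR__ . '/classes';
const WB_CLASSES = ['session', 'user'];     // hypothetical file names

function class_path(string $name): ?string
{
    return in_array($name, WB_CLASSES, true)
        ? WB_CLASS_DIR . '/' . $name . '.php'
        : null;                     // anything else is refused, never included
}

var_dump(check_login($db, 'admin', 'correct horse'));  // stored credentials
var_dump(check_login($db, "admin'", 'correct horse')); // login containing a quote
var_dump(class_path('session'));                       // allow-listed name
var_dump(class_path('http://example.invalid/x'));      // value outside the list
```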