exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

simpleBlogXSS.txt

simpleBlogXSS.txt
Posted Jan 21, 2006
Authored by Zinho | Site hackerscenter.com

SimpleBlog version 2.1 suffers from SQL injection and cross site scripting flaws.

tags | exploit, xss, sql injection
SHA-256 | d4fb2adb740daa9fffe2e1e48ba721f85ceb9532fe0e801646e944208411a7dc

simpleBlogXSS.txt

Change Mirror Download
Hackers Center Security Group (https://www.hackerscenter.com/)             
Zinho's Security Advisory

Risk: High


- Note from the author
Simple Blog is a free weblog application intended for personal use. The latest version, 2.1, features xhtml/css template structure, rss feed, blog calendar and an easy to use control panel.
https://www.8pixel.net


SimpleBlog 2.1 suffers of non-existent user input sanitization so it's possbile to insert html code and to inject sql.
It is possible to get admin's password without modifying any database and without having any privilege.

I will post only one sample of sql injection and one for xss. Many other are present.

SQL Injection:
/simpleblog/?view=archives&month='&year=2006

XSS:
comments.asp allows for html code to be inserted as comment.


-- HSC Security Group
Get your site audited for free and pay only if we find it vulnerable!
www.securityforge.com

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close