dalogin 2.2 multiple vulnerabilities

app desc: Configurable WebSite. PHP + Mysql: news zone with rss feed, private zone, languages, themes, administration panel
app source: http://dalogin.sourceforge.net/
author: hc0

[1] config file disclosure

You can access the config.ini file from [path]/admin/include/config.ini. This file contains the MySQL connection information (user, pass, host etc.). It says "come here and ownz my box!!"

[2] sql injection

At line 115 the requested HTTP parameter id is used in the SQL query without filtering.

114 - //LEER COMENTARIOS
115 - $Sql="SELECT * from news_comments WHERE id_new=".$_REQUEST['id']." AND state=1";
116 - $result_comments = mysql_query($Sql);
117 - while ($row_comments=mysql_fetch_array($result_comments))
118 - {
119 - echo '
      '.strftime(DATE_TIME_FORMAT,strtotime($row_comments['date_comment'])).'
122 - '.$row_comments['user_name'].'
123 - |
124 -
125 - '.$row_comments['comment'].'
126 - |
127 -
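As an added example (not dalogin's own code), the hardened form of the line 115 lookup: the id is validated as an integer, bound as a parameter instead of concatenated, and the fields are HTML-encoded on output. It assumes a PDO connection $pdo to the same MySQL database and the news_comments columns that the original loop reads (id_new, state, user_name, date_comment, comment).

```php
<?php
// Hardened replacement for the vulnerable query (added example, not project code).
// Assumed: $pdo is a PDO handle to the dalogin MySQL database.

function fetchComments(PDO $pdo, $rawId): array
{
    // 1. Validate: id_new is numeric, so reject anything that is not a
    //    string of digits before it reaches the database layer.
    if (!is_string($rawId) || !ctype_digit($rawId)) {
        throw new InvalidArgumentException('id must be a non-negative integer');
    }
    $id = (int) $rawId;

    // 2. Parameterise: the value is bound with PARAM_INT, never spliced into
    //    the SQL text, so the concatenation flaw at line 115 cannot recur.
    $stmt = $pdo->prepare(
        'SELECT user_name, date_comment, comment
           FROM news_comments
          WHERE id_new = :id AND state = 1'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// 3. Encode on output: the original echoed user_name and comment raw; escaping
//    them closes the stored-HTML injection path on the same rows.
function renderComments(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $html .= '<div class="comment">'
            . '<span class="date">'
            . htmlspecialchars($row['date_comment'], ENT_QUOTES, 'UTF-8')
            . '</span> | <span class="user">'
            . htmlspecialchars($row['user_name'], ENT_QUOTES, 'UTF-8')
            . '</span><p>'
            . htmlspecialchars($row['comment'], ENT_QUOTES, 'UTF-8')
            . "</p></div>\n";
    }
    return $html;
}

// Usage: read only from $_GET rather than $_REQUEST (which also merges cookies
// and POST bodies), and fail closed on a missing or malformed id.
// $rows = fetchComments($pdo, $_GET['id'] ?? '');
// echo renderComments($rows);
```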