SIMPLOG 0.9.3 SQL injection & multiple XSS


 



[[ SIMPLOG 0.9.3 ]]

CMS website: http://www.simplog.org/



XSS:
	[*] Administration Panel
		- user.php
			*Name
			*URL
			*Email
			*API Key
			*Flickr Email
			*Flickr Password
			
		- news.php
			*URL
			
		- edit.php
			*Title
			*Entry
			*Manual TrackBack
	=> risk very low
	
	[*] SimpLog User Part
		simplog/archive.php?blogid=1&pid=</textarea>'"><script>alert(document.cookie)</script>
	=> risk low
	
SQL injections:

	simplog/archive.php?blogid=
	simplog/archive.php?blogid=1&pid=
	simplog/index.php?blogid=
	
	=> risk high
	
Global risk for this CMS: medium

Benjamin Mossé & Laurent Gaffié
http://s-a-p.ca/
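
Added example (not part of the original advisory and not Simplog code): a log check that flags requests to the scripts listed above whose blogid or pid value is not a plain integer, which covers both the reflected XSS and the SQL injection entry points. It assumes combined-format access logs and that both parameters are numeric ids in normal use; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts and id parameters named in the advisory.
WATCHED = {
    "archive.php": ("blogid", "pid"),
    "index.php": ("blogid",),
}

# Request field of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"[0-9]+")

# Constructed sample lines; addresses are from the documentation range.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /simplog/archive.php?blogid=1&pid=12 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /simplog/archive.php?blogid=1&pid=%3C/textarea%3E%27%22%3E'
    '%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 5301',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /simplog/index.php?blogid=1abc HTTP/1.1" 200 4800',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] '
    '"GET /simplog/user.php?blogid=x HTTP/1.1" 200 100',
]


def suspicious_params(log_line):
    """Return [(script, param, decoded_value)] for non-integer ids in one line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    script = url.path.rsplit("/", 1)[-1]
    hits = []
    # parse_qs percent-decodes values and drops empty ones.
    query = parse_qs(url.query)
    for param in WATCHED.get(script, ()):
        for value in query.get(param, []):
            if not INTEGER_RE.fullmatch(value):
                hits.append((script, param, value))
    return hits


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for script, param, value in suspicious_params(line):
            print(f"{script}: non-integer {param}={value!r}")
```

The same integer-only rule is what the application should enforce server-side before either parameter reaches a query or the page output.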
