| EDB-ID: 31774 | Author: David Sopas Ferreira | Published: 2008-05-10 | |
| CVE: CVE-2008-6631 | Type: Webapps | Platform: PHP | |
| Aliases: N/A | Advisory/Source: Link | Tags: N/A | |
E-DB Verified:
 |
Exploit:
 Download
/
View Raw
|
Vulnerable App:
|
|
source: http://www.securityfocus.com/bid/29133/info BlogPHP is prone to multiple input-validation vulnerabilities, including a cross-site scripting issue, an HTML-injection issue, and a cookie-manipulation issue. Attackers can exploit these issues to execute arbitrary script code in the context of the webserver, compromise the application, steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, and gain access as an arbitrary user. BlogPHP 2.0 is vulnerable; other versions may also be affected. http://www.example.com/index.php?act=sendmessage&user=admin[XSS]
Related Exploits
Trying to match CVEs (1): CVE-2008-6631Trying to match OSVDBs (1): 45038
Trying to match setup file: ff3839cd5c3f5ce099932fd08cbd326a
Other Possible E-DB Search Terms: BlogPHP 2.0, BlogPHP
| Date | D | V | Title | Author |
|---|---|---|---|---|
| 2006-01-16 | |
|
BlogPHP 1.0 - 'index.php' SQL Injection | Aliaksandr ... |
| 2008-02-02 | |
|
BlogPHP 2 - 'id' Parameter Cross-Site Scripting / SQL Injection | Khashayar F... |
| 2011-08-09 | |
|
BlogPHP 2.0 - Persistent Cross-Site Scripting | Paulzz |
| 2008-06-23 | |
|
BlogPHP 2.0 - Privilege Escalation (via SQL Injection) | Cod3rZ |
| 2006-01-20 | |
|
BlogPHP 1.2 - Multiple SQL Injections | imei |