source: http://www.securityfocus.com/bid/39406/info Blog System is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include local file-include, SQL-injection, and cross-site-scripting issues. Exploiting these issues can allow an attacker to steal cookie-based authentication credentials, view local files within the context of the webserver, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible. Blog System versions 1.5 and prior are affected. http://www.example.com/ADMIN/index.php?category=(home|comments|lists|habillage|info)&action=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E http://www.example.com/ADMIN/index.php?category=(home|comments|lists|habillage|info)&action=[LFI]%00
Related Exploits
Other Possible E-DB Search Terms: Blog System 1.x, Blog System| Date | D | V | Title | Author |
|---|---|---|---|---|
| 2005-12-05 |  |
|
Blog System 1.2 - 'index.php' cat Parameter SQL Injection | r0t3d3Vil |
| 2010-04-13 | |
|
Blog System 1.5 - Multiple Vulnerabilities | cp77fk4r |
| 2007-07-20 | |
|
Blog System 1.x - 'index.php news_id' SQL Injection | t0pP8uZz |
| 2010-01-21 | |
|
Blog System 1.x - (note) SQL Injection | BorN To K!LL |
| 2009-08-03 | |
|
Blink Blog System - Authentication Bypass | Salvatore F... |
| 2008-01-21 | |
|
Mooseguy Blog System 1.0 - 'month' Parameter SQL Injection | The_HuliGun |
| 2008-11-23 | |
|
Netartmedia Blog System - SQL Injection | snakespc |
| 2012-01-18 | |
|
PHPBridges Blog System - members.php SQL Injection | 3spi0n |