|
[[ SIMPLOG 0.9.3 ]]
cms website : http://www.simplog.org/
xss:
[*] Administration Panel
- user.php
*Name
*URL
*Email
*API Key
*Flickr Email
*Flickr Password
=09
- news.php
*URL
=09
- edit.php
*Title
*Entry
*Manual TrackBack
=> risk very low
=09
[*] SimpLog User Part
simplog/archive.php?blogid=1&pid='">
=> risk low
=09
Sql injections :
simplog/archive.php?blogid simplog/archive.php?blogid=1&pid simplog/index.php?blogid=09
=> risk high
=09
Global risk for this cms: medium
Benjamin Moss=E9 & Laurent Gaffi=E9
http://s-a-p.ca/