
SIMPLOG 0.9.3 SQL injection & multiple XSS



[[ SIMPLOG 0.9.3 ]]

CMS website: http://www.simplog.org/



XSS:
	[*] Administration Panel
		- user.php
			*Name
			*URL
			*Email
			*API Key
			*Flickr Email
			*Flickr Password
		- news.php
			*URL
		- edit.php
			*Title
			*Entry
			*Manual TrackBack
	=> risk very low

	[*] SimpLog User Part
		simplog/archive.php?blogid=1&pid='">
	=> risk low

SQL injections:

	simplog/archive.php?blogid
	simplog/archive.php?blogid=1&pid
	simplog/index.php?blogid
	=> risk high

Global risk for this CMS: medium

Benjamin Mossé & Laurent Gaffié
http://s-a-p.ca/ 
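
A triage check for the parameters listed above, as an added example that is not part of the original advisory or of Simplog's own code: it flags access-log requests to archive.php and index.php whose blogid or pid value is not a plain integer. The integer-only rule, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts and parameters named in the advisory. Treating them as plain
# integer IDs is an assumption based on the blogid=1 form it shows.
WATCHED = {"archive.php": ("blogid", "pid"), "index.php": ("blogid",)}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
INTEGER_RE = re.compile(r"[0-9]{1,10}")

def suspicious_params(request_target):
    """Return [(name, decoded_value)] for watched parameters that are not integers."""
    parts = urlsplit(request_target)
    script = parts.path.rsplit("/", 1)[-1]
    hits = []
    # parse_qsl percent-decodes values and keeps repeated parameters,
    # so an encoded value or a duplicated blogid cannot slip past.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in WATCHED.get(script, ()) and not INTEGER_RE.fullmatch(value):
            hits.append((name, value))
    return hits

def scan(log_lines):
    """Return [(line_number, request_target, hits)] for flagged access-log lines."""
    flagged = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                flagged.append((number, match.group(1), hits))
    return flagged

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /simplog/index.php?blogid=1 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /simplog/archive.php?blogid=1&pid=%27%22%3E HTTP/1.1" 200 4312',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /simplog/archive.php?blogid=1x&pid=7 HTTP/1.1" 200 980',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /simplog/index.php?blogid=2&blogid=2x HTTP/1.1" 200 980',
]

if __name__ == "__main__":
    for number, target, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {target} -> {hits}")
```

The same integer-only rule can be enforced in front of the application as an input filter; the log scan only shows which past requests would have failed it.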
