
SIMPLOG 0.9.3 SQL injection & multiple XSS






[[ SIMPLOG 0.9.3 ]]

CMS website: http://www.simplog.org/



XSS:
	[*] Administration Panel
		- user.php
			*Name
			*URL
			*Email
			*API Key
			*Flickr Email
			*Flickr Password

		- news.php
			*URL

		- edit.php
			*Title
			*Entry
			*Manual TrackBack
	=> risk very low

	[*] SimpLog User Part
		simplog/archive.php?blogid=1&pid='">
	=> risk low

SQL injections:

	simplog/archive.php?blogid
	simplog/archive.php?blogid=1&pid
	simplog/index.php?blogid
	=> risk high

Global risk for this CMS: medium

Benjamin Mossé & Laurent Gaffié
http://s-a-p.ca/ 
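
One way to handle the `blogid` and `pid` parameters listed above, added here as an example and not taken from Simplog's code or from the advisory's authors: validate them as integers, bind them in a prepared statement, and HTML-encode text on output. It assumes both parameters are numeric identifiers; the `entries` table, its columns, and the helper names are hypothetical.

```php
<?php
// Added example: table, column and helper names are hypothetical, not Simplog's schema.

/** Return a positive integer ID from the query string, or null if absent/invalid. */
function int_param(array $query, string $name): ?int
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null;                      // missing, or an array such as pid[]=1
    }
    $id = filter_var($query[$name], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;    // non-integer input is rejected outright
}

/** Fetch one entry with bound parameters; the IDs never become part of the SQL text. */
function fetch_entry(PDO $db, int $blogid, int $pid): ?array
{
    $stmt = $db->prepare('SELECT title, body FROM entries WHERE blog_id = :b AND id = :p');
    $stmt->execute([':b' => $blogid, ':p' => $pid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Encode stored or reflected text for an HTML body or quoted-attribute context. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE entries (id INTEGER, blog_id INTEGER, title TEXT, body TEXT)');
$db->prepare('INSERT INTO entries VALUES (1, 1, ?, ?)')
   ->execute(['Hello <b>world</b>', 'First "entry"']);

// Constructed requests: one well-formed, two with the kind of input the advisory shows.
foreach ([['blogid' => '1', 'pid' => '1'],
          ['blogid' => '1', 'pid' => '\'">'],
          ['blogid' => "1'", 'pid' => '1']] as $query) {
    $blogid = int_param($query, 'blogid');
    $pid    = int_param($query, 'pid');
    if ($blogid === null || $pid === null) {
        echo "400 Bad Request\n";         // never echo the rejected value back
        continue;
    }
    $entry = fetch_entry($db, $blogid, $pid);
    echo $entry ? '<h2>' . h($entry['title']) . "</h2>\n" : "404 Not Found\n";
}
```

The same `h()` encoding applies wherever the administration-panel fields listed under XSS (Name, URL, Title, Entry and so on) are written back into a page.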
