SQL Injection Vulnerability in microBlog
- Last Update
- 2006.02.22 Solution added
- Risk Level
- SQL Injection
- Vulnerable Software
- microBlog (http://www.stamcar.com/projekti/microblog/)
- 2.0 RC-10
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
A SQL injection vulnerability was found in the microBlog (http://www.stamcar.com/projekti/microblog/) script.
Vulnerable script: index.php
The variables $month and $year aren't properly sanitized before being used in a SQL query. This can be used to run any SQL query by injecting arbitrary SQL code.
The administrator's login and password are at risk.
SQL Injection Example:
Install or upgrade to the new 2.1 version to fix this vulnerability.
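
The class of flaw described above (request values such as $month and $year reaching a SQL query unsanitized) next to its usual fix, as an added example that is not microBlog's code or part of the original advisory. The schema, function names and in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Constructed schema: posts(id, title, month, year). Not microBlog's real tables.

// Vulnerable pattern: request values are concatenated into the SQL text,
// so whatever they contain is parsed as part of the statement.
function build_query_unsafe($month, $year): string
{
    return "SELECT id, title FROM posts WHERE month = $month AND year = $year";
}

// Hardened step 1: accept only whole numbers inside a plausible range.
function parse_int_param($raw, int $min, int $max): ?int
{
    $v = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

// Hardened step 2: bind the validated values instead of concatenating them.
function fetch_archive(PDO $db, $rawMonth, $rawYear): array
{
    $month = parse_int_param($rawMonth, 1, 12);
    $year  = parse_int_param($rawYear, 1970, 2100);
    if ($month === null || $year === null) {
        return []; // reject the request instead of querying
    }
    $stmt = $db->prepare(
        'SELECT id, title FROM posts WHERE month = :m AND year = :y ORDER BY id');
    $stmt->bindValue(':m', $month, PDO::PARAM_INT);
    $stmt->bindValue(':y', $year, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, month INTEGER, year INTEGER)');
$db->exec("INSERT INTO posts (title, month, year) VALUES ('First post', 2, 2006), ('Older post', 11, 2005)");

var_dump(fetch_archive($db, '2', '2006'));    // well-formed month and year
var_dump(fetch_archive($db, '2abc', '2006')); // non-numeric month is rejected before any query runs
```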