XSS and Multiple SQL Injection in SaralBlog
- Last Update: n/a
- CVE: CVE-2006-0345, CVE-2006-0346
- Risk Level: Multiple Vulnerabilities
- Vulnerable Software: SaralBlog (http://www.saralblog.org/)
- Not available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Multiple vulnerabilities were found in the SaralBlog (http://www.saralblog.org/) script.
1. Most user-supplied data is not properly sanitized. By injecting arbitrary SQL code, an attacker can run any SQL query.
2. Cross-Site Scripting is possible.
Vulnerable script: view.php
1. SQL Injection Example
2. SQL Injection Example (magic_quotes_gpc: off)
aaaaa') union select 1,2,3,4,5,6/*
3. Cross-Site Scripting
Adding a new comment:
No solution for "XSS and Multiple SQL Injection in SaralBlog" is available. Check the vendor's website for updates.
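As an added illustration (not code from SaralBlog or from eVuln), the following hypothetical PHP shows the unsafe pattern the advisory describes beside a hardened form: a view.php-style lookup that concatenates an unchecked parameter into a parenthesised, quoted comparison (the shape that the payload above closes with `')` and comments out with `/*`, selecting six columns to match its column count), the same lookup done with a prepared statement and input validation, and output escaping for stored comments. The table name `posts`, its column names and the `$pdo` connection are assumed placeholders.

```php
<?php
// Added illustration, not SaralBlog's code. The table "posts", its six
// columns and the $pdo connection are assumed placeholders.

// Unsafe: relies on magic_quotes_gpc and concatenates the request value.
// With magic_quotes_gpc off, a value such as the advisory's
//   aaaaa') union select 1,2,3,4,5,6/*
// closes the quoted parenthesis, appends an attacker-chosen SELECT with
// six columns, and comments out the rest of the original statement.
function fetch_post_unsafe(PDO $pdo, string $id): ?array {
    $sql = "SELECT id, title, body, author, created, views"
         . " FROM posts WHERE (id = '$id')";
    $res = $pdo->query($sql);
    $row = $res ? $res->fetch(PDO::FETCH_ASSOC) : false;
    return $row === false ? null : $row;
}

// Hardened: the id is validated as a plain integer before use, and a
// prepared statement keeps it as data no matter what magic_quotes_gpc is.
function fetch_post_safe(PDO $pdo, string $id): ?array {
    if (!ctype_digit($id)) {
        return null; // reject anything that is not a post number
    }
    $stmt = $pdo->prepare(
        'SELECT id, title, body, author, created, views'
        . ' FROM posts WHERE id = :id'
    );
    $stmt->execute([':id' => (int) $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Comment display: escaping on output closes the stored XSS in the comment
// form, so markup inside a saved comment is rendered as literal text.
function render_comment(string $author, string $text): string {
    $a = htmlspecialchars($author, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $t = nl2br(htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
    return '<div class="comment"><b>' . $a . '</b><p>' . $t . '</p></div>';
}
```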