Description - SQL Injection Vulnerability in geoBlog
An SQL injection vulnerability was found in the geoBlog script.
- Exploit: Available
- Solution: Not available - check vendor's website
Vulnerable script: viewcat.php
The variable $tmpCategory is not sanitized before it is used in a SQL query. A request that places a single quote in that value terminates the intended string literal, and whatever follows is executed as SQL, so an attacker can run arbitrary queries.
Condition: magic_quotes_gpc = off (with it on, PHP backslash-escapes quotes in request data, and this string-context injection would not break out of the literal).
The administrator's login name and password hash are stored in the database, so they can be read through the injected query.
The administrator can upload arbitrary files, which are stored in the /files directory.
System access is therefore possible: the injection yields the administrator's credentials, and the upload feature then places attacker-controlled files on the server.
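The following is an added example, not code from geoBlog or from the advisory's author. It models the flaw described above with a constructed SQLite schema (table and column names, the admin row and the hash value are all assumptions; the real viewcat.php query is not on the page), shows why the magic_quotes_gpc condition matters, and gives the parameterised form that actually fixes the bug:

```python
# Added example, not geoBlog's code: models a request parameter pasted into a
# quoted SQL literal (the assumed shape of the $tmpCategory flaw), a
# magic_quotes-style quote escape, and the parameterised fix. Schema, rows
# and the hash value are constructed for this demonstration.
import sqlite3


def make_db():
    """In-memory database with a constructed categories table and a users
    table holding an admin login and password hash (constructed value)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, pass_hash TEXT);
        INSERT INTO categories VALUES (1, 'news'), (2, 'travel');
        INSERT INTO users VALUES (1, 'admin', 'deadbeef0123456789');
        """
    )
    return conn


def viewcat_vulnerable(conn, tmp_category):
    """Assumed shape of the flawed query: the parameter is dropped straight
    into a single-quoted literal. A quote in the input ends the literal and
    the remainder of the input becomes SQL."""
    sql = "SELECT name FROM categories WHERE name = '%s'" % tmp_category
    return [row[0] for row in conn.execute(sql)]


def escape_quotes(value):
    """Stand-in for what magic_quotes_gpc=on did to GET/POST/cookie values:
    the quote is escaped so it can no longer terminate the literal. PHP used
    a backslash (MySQL dialect); SQLite's dialect doubles the quote instead,
    which has the same effect on this payload."""
    return value.replace("'", "''")


def viewcat_magic_quotes(conn, tmp_category):
    """The vulnerable query as it behaves when magic_quotes_gpc is on."""
    return viewcat_vulnerable(conn, escape_quotes(tmp_category))


def viewcat_fixed(conn, tmp_category):
    """Correct version: the value travels as a bound parameter, never as SQL
    text, so no input can change the statement's structure."""
    sql = "SELECT name FROM categories WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (tmp_category,))]


# Constructed payload illustrating the injection class: close the literal,
# UNION in a SELECT against the users table, comment out the trailing quote.
PAYLOAD = "x' UNION SELECT login || ':' || pass_hash FROM users --"


def demo():
    """Run the same payload through each variant and return the rows seen."""
    conn = make_db()
    return {
        "vulnerable": viewcat_vulnerable(conn, PAYLOAD),
        "magic_quotes": viewcat_magic_quotes(conn, PAYLOAD),
        "fixed": viewcat_fixed(conn, PAYLOAD),
        "normal": viewcat_fixed(conn, "news"),
    }


if __name__ == "__main__":
    for variant, rows in demo().items():
        print(variant, rows)
```

The vulnerable variant returns the admin login and hash from a query that was only meant to look up a category name, which is the path to the credentials described above. The quote-escaping variant returns nothing, matching the advisory's condition that the bug is exploitable only with magic_quotes_gpc off; it is not a fix, since the setting can be disabled and it does nothing for numeric or other unquoted contexts. The parameterised variant is the real fix.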