Description - Multiple Vulnerabilities in aoblogger

Multiple Vulnerabilities found in aoblogger script.

Exploit: Available
Solution: Not available - check vendor's website

1. Arbitrary script code insertion is possible in the BBcode [url] tag.

The [url] tag isn't properly sanitized before it is rendered. This can be used to post arbitrary script code (cross-site scripting).


2. SQL Injection is possible.

Vulnerable script: login.php

The variable $username isn't properly sanitized before being used in an SQL query. This can be used to run arbitrary SQL queries by injecting SQL code.

Condition: magic_quotes_gpc - off


3. Unauthorized "New Entry" creation is possible.

Vulnerable script: create.php

This script only checks the variable $uza for existence and doesn't verify the username and password before adding a new entry to the database.
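A hardened PHP version of the three input paths the advisory describes, added here as an example and not aoblogger's own code; the function names, the `users` table and its `password_hash` column are assumptions.

```php
<?php
// Added example, not aoblogger's own code. Function names, the `users` table
// and its `password_hash` column are assumptions.

// 1. Render a BBcode [url] tag without letting script code through: the post
//    is HTML-escaped first and only plain http(s) targets become links.
function render_url_tag(string $text): string
{
    $escaped = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    return preg_replace_callback(
        '/\[url(?:=([^\]]+))?\](.*?)\[\/url\]/is',
        function (array $m): string {
            $target = html_entity_decode($m[1] !== '' ? $m[1] : $m[2], ENT_QUOTES, 'UTF-8');
            // Reject javascript:, data:, quotes, angle brackets and whitespace.
            if (!preg_match('#^https?://[^\s"\'<>]+$#i', $target)) {
                return $m[0]; // keep the tag as literal, already-escaped text
            }
            $href = htmlspecialchars($target, ENT_QUOTES, 'UTF-8');
            return '<a href="' . $href . '" rel="nofollow">' . $m[2] . '</a>';
        },
        $escaped
    );
}

// 2. login.php fix: $username is bound as a parameter, so it cannot alter the
//    query text whether magic_quotes_gpc is on or off.
function find_user(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 3. create.php fix: verify credentials instead of only testing that a
//    variable such as $uza exists.
function can_create_entry(PDO $db, ?string $username, ?string $password): bool
{
    if ($username === null || $password === null) {
        return false;
    }
    $user = find_user($db, $username);
    return $user !== null && password_verify($password, $user['password_hash']);
}
```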
