Description - XSS and Multiple SQL Injection in SaralBlog
Multiple Vulnerabilities found in SaralBlog script.
- Exploit: Available
- Solution: Not available - check vendor's website
1. Most user-defined data isn't properly sanitized. This can be used to run arbitrary SQL queries by injecting SQL code.
2. Cross-Site Scripting is possible.
Vulnerable script: view.php
The variable $website isn't properly sanitized. This can be used to insert arbitrary JavaScript code.
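Added example, not part of the original advisory and not SaralBlog code: one way to handle a website field safely in PHP, using bound parameters for the SQL side and scheme validation plus output encoding for the XSS side. It assumes the value is rendered as a link; the table, columns and helper names are hypothetical and the sample inputs are constructed.

```php
<?php
// Added example; not SaralBlog code. Table, column and function names are hypothetical.

// Accept only absolute http(s) URLs; anything else is stored as an empty string.
function normalize_website(string $raw): string {
    $url = trim($raw);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return '';
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : '';
}

// Encode for an HTML attribute or text context at output time.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, website TEXT)');

// Constructed sample input standing in for request parameters.
$samples = [
    ['author' => "O'Brien", 'website' => 'https://example.org/?a=1&b=2'],
    ['author' => 'x', 'website' => 'javascript:void(0)'],
    ['author' => 'y', 'website' => '"><b>not a url</b>'],
];

// Values are bound as parameters and never concatenated into the SQL text.
$ins = $db->prepare('INSERT INTO comments (author, website) VALUES (:author, :website)');
foreach ($samples as $s) {
    $ins->execute([':author' => $s['author'], ':website' => normalize_website($s['website'])]);
}

// Reads use a bound id as well; every value is encoded when written into HTML.
$sel = $db->prepare('SELECT author, website FROM comments WHERE id = :id');
foreach ([1, 2, 3] as $id) {
    $sel->execute([':id' => $id]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    echo $row['website'] !== ''
        ? '<a href="' . h($row['website']) . '" rel="nofollow">' . h($row['author']) . "</a>\n"
        : h($row['author']) . "\n";
}
```

Encoding alone does not make a URL safe inside an href, which is why the scheme is checked before the value is stored.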


