PluggedOut Blog SQL injection and XSS
- To: "bugs@xxxxxxxxxxxxxxxxxxx" <bugs@xxxxxxxxxxxxxxxxxxx>, "bugtraq@xxxxxxxxxxxxxxxxx" <bugtraq@xxxxxxxxxxxxxxxxx>, "content-editor@xxxxxxxxxxxxxxxxx" <content-editor@xxxxxxxxxxxxxxxxx>, "editor@xxxxxxxxxxxxxxxxx" <editor@xxxxxxxxxxxxxxxxx>, "expert@xxxxxxxxxxxxxx" <expert@xxxxxxxxxxxxxx>, "news-editor@xxxxxxxxxxxxxxxxx" <news-editor@xxxxxxxxxxxxxxxxx>, "support@xxxxxxxxxxx" <support@xxxxxxxxxxx>, "vuldb@xxxxxxxxxxxxxxxxx" <vuldb@xxxxxxxxxxxxxxxxx>, "vuln@xxxxxxxxxxx" <vuln@xxxxxxxxxxx>, "webmaster@xxxxxxxxxxx" <webmaster@xxxxxxxxxxx>, "webmaster@xxxxxxxxxxxxxxxxx" <webmaster@xxxxxxxxxxxxxxxxx>
- Subject: PluggedOut Blog SQL injection and XSS
- From: h e <het_ebadi@xxxxxxxxx>
- Date: Sat, 4 Feb 2006 02:03:26 -0800 (PST)
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=NdI8NRoo645RFrZI8hWzjLtb5bmUX6tnA6ABVS205rBJBrH1lYZKTpsqAZgGtAnV+tmBFrivi0IAewa07pixxG5A4GREpu4j8Yg1kozqeDi7qje7K7/rxBM1wAUoSLl17osOFYMEEM4v/xmotLP+1aoKe23YyY+vQLwHqtgxNko= ;
- List-help: <mailto:bugtraq-help@securityfocus.com>
- List-id: <bugtraq.list-id.securityfocus.com>
- List-post: <mailto:bugtraq@securityfocus.com>
- List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
- List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
- Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
PluggedOut Blog SQL INJECTION and XSS
PluggedOut Blog is an open source script you can run
on your web server to give you an online multi-user
journal or diary.
It can be used equally well for any kind of calendar
application.Rather than give you a thousand things you
don't really want ...
PluggedOut Blog : http://www.pluggedout.com/
Credit:
The information has been provided by Hamid Ebadi
(Hamid Network Security Team):admin@xxxxxxxx
The original article can be found at:
http://hamid.ir/security/
Vulnerable Systems:
PluggedOut Blog Version : Version: 1.9.9c
(2006-01-13)
example :
The following URL can be used to trigger an SQL
injection vulnerability in the exec.php :
http://[PluggedOut
Blog]/exec.php?action=comment_add&entryid=[SQL
INJECTION]
and XSS
http://[PluggedOut
Blog]/problem.php?id=1&data=<script>alert('Hamid
Network Security Team -->
http://hamid.ir');alert(document.cookie)</script>
Signature
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com