SIMPLOG 0.9.3 injection sql & multiple xss

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: SIMPLOG 0.9.3 injection sql & multiple xss
From: saps.audit@xxxxxxxxx
Date: 3 Nov 2006 18:18:58 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

[[ SIMPLOG 0.9.3 ]]

cms website : http://www.simplog.org/



xss:
        [*] Administration Panel
                - user.php
                        *Name
                        *URL
                        *Email
                        *API Key
                        *Flickr Email
                        *Flickr Password
                        
                - news.php
                        *URL
                        
                - edit.php
                        *Title
                        *Entry
                        *Manual TrackBack
        => risk very low
        
        [*] SimpLog User Part
                
simplog/archive.php?blogid=1&pid=</textarea>'"><script>alert(document.cookie)</script>
        => risk low
        
Sql injections :

        simplog/archive.php?blogid=
        simplog/archive.php?blogid=1&pid=
        simplog/index.php?blogid=
        
        => risk high
        
Global risk for this cms: medium

Benjamin Mossé & Laurent Gaffié
http://s-a-p.ca/

Prev by Date: [SECURITY] [DSA-1205-1] New thttpd packages fix insecure temporary file creation
Next by Date: [ MDKSA-2006:197 ] - Updated kernel packages fix multiple vulnerabilities and bugs
Previous by thread: [SECURITY] [DSA-1205-1] New thttpd packages fix insecure temporary file creation
Next by thread: [ MDKSA-2006:197 ] - Updated kernel packages fix multiple vulnerabilities and bugs
Index(es):
- Date
- Thread