|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 2904 CVE : CVE-2007-3889 CVE : CVE-2007-3888 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : joseph giron13 Published : 21.07.2007
Advisory Content : Insanely simple blog version 0.5 and below http://sourceforge.net/projects/insanelysimple2 ISB contains multple vulnerabilities including both XSS, and SQL injection. First off, the search action fails to strip user content for html allowing a user to input tags. Next, anonymous blog entries can contain javascript allowing script execution. How? Well, tags are stripped, and there is As for the sql injection portion, several GET variables allow for the injection of SQL queries. First of which is the current_subsection variable. The following proof of concepts are provided http://www.example.net/index.php?current_subsection=2 or 1=1/* ^^ dumps all table data. http://www.example.net/index.php?current_subsection=2%20union%20all%20se lect blah from content/* The following bits of code work on the blog. <B onmousemver="javascript:alert('lol')">Pizza pie</B> <OL onmouseover="alert('lol')">I like it</OL> The fix for now is to filter blog entries with either a regex or the htmlspecialchars() function. The sql injection can be prevented by making sure the variables are numeric.  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |