• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

CafeLog b2 WebLog Tool SQL Injection Vulnerability

CafeLog b2 WebLog Tool allows users to generate news pages and weblogs dynamically. It uses PHP and a MySQL database to generate dynamic pages.

The b2 WebLog Tool does not properly sanitize data that is sent to the tableposts variable. This could allow an attacker to modify the logic of SQL queries, allowing for execution of commands on the database.