BugTraq
Back to list
|
Post reply
iwebnegar is vulnerable to all kind of sql injections
Dec 15 2004 03:28PM
shervin khaleghjou (oil_karchack yahoo com)
----------------www.karchack.com----------------
----------------www.karchack.net----------------
describtion :
iwebnegar is farsi weblog software written in php
http://iwebnegar.co.sr
---------
vulnerabilities :
all files seems to be vulnerable such as comments.php , index.php and also administrator login page
-------------
proof of concept :
for example you can use this link to inject the sql server
http://site/weblog/index.php?string=[sql injection code]
----------------
www.karchack.com
www.karchack.net
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
----------------www.karchack.com----------------
----------------www.karchack.net----------------
describtion :
iwebnegar is farsi weblog software written in php
http://iwebnegar.co.sr
---------
vulnerabilities :
all files seems to be vulnerable such as comments.php , index.php and also administrator login page
-------------
proof of concept :
for example you can use this link to inject the sql server
http://site/weblog/index.php?string=[sql injection code]
----------------
www.karchack.com
www.karchack.net
[ reply ]