BugTraq
WheatBlog 1.1 RFI/SQL Injection Jun 30 2007 02:52PM
underwater itdefence ru
Found by E.Minaev (underwater (at) itdefence (dot) ru)
ITDefence.ru

1) SQL injection in the login function. This injection makes it possible to brute-force the table names of the blog's database character by character (magic_quotes_gpc must be turned off).

------------------------------------------
"$sql = "select * fro...

