[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

iwebnegar is vulnerable to all kind of sql injections

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: iwebnegar is vulnerable to all kind of sql injections
From: shervin khaleghjou <oil_karchack@xxxxxxxxx>
Date: 15 Dec 2004 15:28:53 -0000


----------------www.karchack.com----------------
----------------www.karchack.net----------------
describtion :
iwebnegar is farsi weblog software written in php 
http://iwebnegar.co.sr

---------

vulnerabilities :
all files seems to be vulnerable such as comments.php , index.php and also 
administrator login page
-------------

proof of concept :
for example you can use this link to inject the sql server
http://site/weblog/index.php?string=[sql injection code]
----------------


www.karchack.com
www.karchack.net

Prev by Date: Re: Linux kernel IGMP vulnerabilities
Next by Date: Cisco Security Advisory: Cisco Unity Integrated with Exchange Has Default Passwords
Previous by thread: Advisory 01/2004: Multiple vulnerabilities in PHP 4/5
Next by thread: Cisco Security Advisory: Cisco Unity Integrated with Exchange Has Default Passwords
Index(es):
- Date
- Thread