Hosting Provided By

WheatBlog 1.1 RFI/SQL Injection

From: <underwater(at)itdefence.ru>
Date: Sat Jun 30 2007 - 10:52:04 EDT

Found by E.Minaev (underwater@itdefence.ru) ITDefence.ru

SQL Injection in login function. With help of this injection is possible to make per-symbol brute of tables names of blog's database (magic_quotes_gpc should be tured off).

"$sql = "select * from $tblUsers where login = '$login'";

if ( $login	 != $row['login'] )	$valid_user = 0;
		if ( $password  != $row['password'] ) $valid_user = 0;"

------------------------------------------

2) Remote File Inclusion (RFI)
/includes/sessions.php?wb_class_dir=shell? Received on Sat Jun 30 13:21:05 2007

This message: [ Message body ]
Next message: Emanuele Gentili: "akocomment SQL INJECTION (all version)"
Previous message: suresync(at)gmail.com: "Re: Re: Progress Webspeed exploit for all releases"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sat Jun 30 2007 - 13:30:02 EDT