http://[target]/[path]/index.php?blogid=[sql]
http://[target]/[path]/archive.php?blogid=[sql]
http://[target]/[path]/archive.php?m=[sql]
http://[target]/[path]/archive.php?y=[sql]
/str0ke
On 1/1/07, Javor Ninov [EMAIL PROTECTED] wrote:
Affected Software:
simplog up to 0.9.3.2 (latest
country: scriptalert('XSS in country');/script
google search:
intitle:Big Webmaster Guestbook
Vendor Status:
NOT NOTIFIED
Solution:
I DON'T CARE
Javor Ninov aka DrFrancky
http://www.securitydot.net/
to overwriting of this file
!!! VENDOR IS NOT NOTIFIED !!!
Javor Ninov aka DrFrancky
drfrancky shift+2 securax.org
wp-content/ is also prone to directory listing
Javor Ninov aka DrFrancky
[EMAIL PROTECTED] wrote:
/*
---
[N]eo [S]ecurity [T]eam [NST]® WordPress 2.0.1 Multiple Vulnerabilities
Affected: Mozilla Thunderbird 1.5 /possibly other versions/
Mozilla Thunderbird 1.5 address book allows fields of unlimited size in
the address book, which leads to a DoS if you import such an ldif file
POC: create a file.ldif and insert the following, then import it in the address book:
--- start