by r0t,der4444,cembo,VietMafia

Tuesday, November 29, 2005

Orca Blog SQL inj. vuln.

Vuln. discovered by: r0t
Date: 29 Nov. 2005
Affected version: 1.3b and prior

Product Description:
The Orca Blog is a free and simple blogging system built from the Orca Forum code. Simple to install and style to fit your existing website, now there's no need to have a whole different section of your site for your blogging script. Create a blog that fits your website instead!

Vuln Description:
Input passed to the "msg" parameter isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.
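As an added illustration, not code from this advisory or from Orca Blog itself (which is a PHP/MySQL application), the defect and its fix are reproduced in Python with sqlite3: the hypothetical insert_msg_unsafe splices the "msg" value into the query text, while insert_msg_safe binds it as a parameter so the database never parses user data as SQL.

```python
"""Vulnerable vs. hardened handling of a blog 'msg' parameter.

Hypothetical illustration using sqlite3 (not Orca Blog's own code):
the unsafe function builds the SQL string by concatenation, the safe
one passes the value as a bound parameter.
"""
import sqlite3


def make_db():
    # Constructed in-memory table standing in for the blog's posts table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, msg TEXT)")
    return conn


def insert_msg_unsafe(conn, msg):
    # Vulnerable pattern: user input is spliced directly into the query
    # text, so any quote character in msg changes the query's structure.
    sql = "INSERT INTO posts (msg) VALUES ('" + msg + "')"
    conn.execute(sql)
    conn.commit()


def insert_msg_safe(conn, msg):
    # Hardened pattern: the driver binds msg as data; the SQL text is
    # fixed and quotes inside msg never reach the SQL parser.
    conn.execute("INSERT INTO posts (msg) VALUES (?)", (msg,))
    conn.commit()


def fetch_msgs(conn):
    return [row[0] for row in conn.execute("SELECT msg FROM posts ORDER BY id")]


def demo(msg):
    """Run the same input through both paths; return (unsafe, safe) outcomes."""
    conn = make_db()
    try:
        insert_msg_unsafe(conn, msg)
        unsafe = "stored: " + fetch_msgs(conn)[0]
    except sqlite3.OperationalError as exc:
        # A plain apostrophe is enough to break the query: proof that
        # the database is interpreting user data as SQL syntax.
        unsafe = "error: " + str(exc)
    conn2 = make_db()
    insert_msg_safe(conn2, msg)
    safe = "stored: " + fetch_msgs(conn2)[0]
    return unsafe, safe


if __name__ == "__main__":
    for m in ("hello", "it's broken"):
        print(repr(m), "->", demo(m))
```

A message containing a single quote already causes a syntax error on the concatenated path, which is the same root cause the advisory describes; the bound-parameter path stores it verbatim.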


Anonymous GreyWyvern told...

Vendor patch 1.3c

11:24 PM



Copyright (c) 2006 Pridels Sec Crew