Multiple vulnerabilities in myBloggie 2.1.1

Date May 7, 2005

“myBloggie is considered one of the most simple, user-friendliest yet packed with features Weblog system available to date. Built using PHP & mySQL, web most popular scripting language & database system enable myBloggie to be installed in any webservers.”

–) Full Path Disclosure

Because the post_id parameter is not properly sanitized, a simple request is enough to make the application disclose its full path:

http://www.example.com/mybloggie/index.php?mode=viewid&post_id='
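
To check whether your own installation leaks paths this way, the following added example (not part of the original advisory or of myBloggie) scans a response body for PHP's standard error line and extracts the disclosed path. It assumes the leak surfaces as a rendered PHP error; the function name and both sample bodies are constructed for illustration.

```python
import html
import re

# PHP's default error line, once markup is stripped, reads:
#   "<level>: <message> in <absolute file path> on line <n>"
PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated):\s+"
    r"(?P<message>.*?)\s+in\s+"
    r"(?P<path>(?:/|[A-Za-z]:[\\/])\S.*?\.(?:php|inc))\s+"
    r"on line\s+(?P<line>\d+)"
)
TAGS = re.compile(r"<[^>]+>")

# Constructed sample bodies (assumed for this example, not real myBloggie output).
SAMPLE_HTML = (
    "<br />\n<b>Warning</b>:  mysql_fetch_array(): supplied argument is not "
    "a valid MySQL result resource in <b>/var/www/html/mybloggie/index.php</b> "
    "on line <b>42</b><br />\n"
)
SAMPLE_PLAIN = (
    r"Fatal error: Call to undefined function foo() in "
    r"C:\inetpub\wwwroot\blog\view.php on line 7"
)


def find_path_disclosures(body):
    """Return (level, path, line) for each PHP error in `body` that exposes
    an absolute filesystem path (Unix or Windows style)."""
    # html_errors=On wraps the level, path and line number in <b> tags, so
    # strip markup and decode entities before matching.
    text = html.unescape(TAGS.sub("", body))
    return [
        (m["level"], m["path"], int(m["line"]))
        for m in PHP_ERROR.finditer(text)
    ]


if __name__ == "__main__":
    for body in (SAMPLE_HTML, SAMPLE_PLAIN):
        for level, path, line in find_path_disclosures(body):
            print(f"{level}: response leaks {path} (line {line})")
```

A non-empty result means PHP errors are being rendered to clients; setting `display_errors = Off` and `log_errors = On` in php.ini stops the leak while the input handling itself is fixed.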

Full Reading and Cross-Site Scripting (XSS)
