Security Advisory: Archangel Weblog 0.90.02 and prior Multiple HTML injections - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  [SA21432] Comet WebFileManager "Language" File Inclusion Vulnerability
  [SA21397] YenerTurk Haber Script "id" SQL Injection Vulnerability
  [SA21379] The Address Book Reloaded Login SQL Injection Vulnerabilities
  [SA21364] The Address Book Login SQL Injection Vulnerabilities

From: piiiiiii pppiiiiiiii <heliosz_time_(at)_hotmail.com>
Date: 09.08.2006
Subject: Archangel Weblog 0.90.02 and prior Multiple HTML injections

## HeLiOsZ - Dark End Team - Internet Security Team
## Archangel Weblog 0.90.02 and prior Multiple HTML injections

## IRC: darkend.sytes.net #darkend , http://darkend.sytes.net &
http://www.darkend.org
## Rish : Medium
## Type : web applet

## Creator: http://www.archangelmgt.com/

## Exploit:
- To exploit this issue you must only put your injection in the Name,or the
Comment
section,because that two parts do not sanitize the imput

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod