Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

myBloggie Multiple Vulnerabilities Vulnerability Scan

Vulnerability Scan Summary
Searches for the existence of a myBloggie

Detailed Explanation for this Vulnerability Test

The remote host is running myBloggie, a web log system written in PHP.

The remote version of this software has been found contain multiple

* Full Path Disclosure
Due to an improper sanitization of the post_id parameter, it's possible
to show the full path by sending a simple request.

* Cross-Site Scripting (XSS)
Input passed to 'year' parameter in viewmode.php is not properly sanitised
before being returned to users. This can be exploited execute arbitrary
HTML and script code in a user's browser session in context of a vulnerable

* SQL Injection
When myBloggie get the value of the 'keyword' parameter and put it in the
SQL query, don't sanitise it. So a remote user can do SQL injection attacks.

Solution: Patches have been provided by the vendor and are available at:

Risk factor: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.