------------------------------------------------------
Nightmare TeAmZ Advisory 011
------------------------------------------------------

Date - 10/2005

Zomplog Multiple Vulnerabilities

AFFECTED PRODUCTS
=================

Zomplog
http://zomplog.zomp.nl

OVERVIEW
========

Zomplog is an easy to use weblog system that works out-of-the-box, while staying very flexible in the way it can be applied. It supports all you would expect from a weblog system: image upload, categories, comments, skins, language files (currently English, German, Dutch), search, BBcode editor, static pages, multiple users and an RSS feed, while staying easy to use for anyone. Starting from version 3.0 Zomplog also has built-in support for moblogging: posting to your site through email or even your mobile phone! All weblog settings can be managed through a control panel. The latest version turns your weblog into an audioblog and videoblog, supporting Quicktime video, Realplayer video, Windows Media Player video and mp3's! Mp3's can be streamed using the built-in flash mp3 player.

POC
===

SQL Injection Vulnerable Path:

/detail.php?id=[SQL]
/get.php?catid=[SQL]
/index.php?show=1&catid=[SQL]

XSS Vulnerable Path:

/detail.php?name=[XSS]
/get.php?username=[XSS]
/index.php?search=[XSS]

HTML Injection Vulnerable Path:

/detail.php?name=[HTML]
/get.php?username=[HTML]
/index.php?search=[HTML]

Solution:
=========

1. Vendor Not Contacted

Credits
=======

This vulnerability was discovered and researched by
BiPi_HaCk of Nightmare TeAmZ

We're: BiPi_HaCk - r3d_4Ss4ult3r - Sub_Z3r0

Site: http://www.NightmareTeAmZ.altervista.org <--IT Security Forum
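
A log-triage check for the paths listed above, as an added example that is not part of the original advisory or of Zomplog. It assumes a common/combined-format web access log and assumes that id and catid are meant to be decimal integers; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> parameters named in the advisory.
NUMERIC = {"detail.php": {"id"}, "get.php": {"catid"}, "index.php": {"catid"}}    # SQL injection
TEXT = {"detail.php": {"name"}, "get.php": {"username"}, "index.php": {"search"}}  # XSS / HTML injection

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
DIGITS_RE = re.compile(r"[0-9]+")
MARKUP_RE = re.compile(r"[<>\"']")

def classify(line):
    """Return (script, param, reason) findings for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    # parse_qs percent-decodes values, so encoded markup is seen as-is.
    params = parse_qs(url.query, keep_blank_values=True)
    findings = []
    for p in sorted(NUMERIC.get(script, ())):
        for v in params.get(p, []):
            if not DIGITS_RE.fullmatch(v):
                findings.append((script, p, "non-numeric id"))
    for p in sorted(TEXT.get(script, ())):
        for v in params.get(p, []):
            if MARKUP_RE.search(v):
                findings.append((script, p, "markup characters"))
    return findings

def scan(lines):
    """Return (line_number, finding) pairs for every flagged request."""
    return [(n, f) for n, line in enumerate(lines, 1) for f in classify(line)]

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2005:10:00:00 +0000] "GET /detail.php?id=12 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Oct/2005:10:00:05 +0000] "GET /detail.php?id=12%27 HTTP/1.1" 200 310',
    '192.0.2.11 - - [01/Oct/2005:10:00:09 +0000] "GET /index.php?show=1&catid=abc HTTP/1.1" 200 900',
    '192.0.2.12 - - [01/Oct/2005:10:01:00 +0000] "GET /index.php?search=%3Cb%3Ehi%3C%2Fb%3E HTTP/1.1" 200 2048',
    '192.0.2.13 - - [01/Oct/2005:10:02:00 +0000] "GET /get.php?username=alice&catid=2 HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for lineno, (script, param, reason) in scan(SAMPLE_LOG):
        print(f"line {lineno}: {script} {param}: {reason}")
```

The same two rules (digits only for id and catid, no markup characters in name, username and search) can serve as a request filter in front of the application while no vendor fix is available.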