CVE-2009-3718
Battle Blog 1.25 and 1.30 build 2 - SQL Injection via UserName Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-3718. PoCs published by $qL_DoCt0r.
AI-analyzed exploit summary
This is a writeup describing SQL injection and HTML/XSS vulnerabilities in Battle Blog. It provides steps to exploit these vulnerabilities, including injecting HTML/XSS in comments and SQL injection in the admin login.
Description
SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to execute arbitrary SQL commands via the UserName parameter.