This MIRV just wants to party.

I started blogging (on a different domain) a year ago, mainly as a way to share some of the interesting stuff I’d found while out on the network. I only posted here and there, and eventually tried to monetize it, which didn’t go over well with my gracious middle man host. I bought this domain, and moved all my stuff over. Everything seemed fine, until I tried to monetize it again… this time Google would have the last laugh however and they took everything I made from another type of 0-day release.

I kind of lost focus during that whole ordeal, and began posting crap… So, to try to make up for it, I’ve posted a few new bugs these last few days.

Here’s a roundup, along with 3 new ones:

phpLD 3.3 (page.php name) Blind SQL Injection Vulnerability
Link directories are cancer and should be treated as such.

ClaSS < =0.8.60 File Disclosure/Download
Not much to say here, but props to the dev guy who got the patch out in no time flat.

BloofoxCMS 0.3.4 File Inclusion
Nothing amazing, turn on JS if you can’t get it to work :)

Injader CMS 2.1.1 (id) Remote SQL Injection Vulnerability
Props to Ben for getting this all patched up and even going through to find some stuff I missed.

Constructr CMS < = 3.02.5 Stable Multiple Remote Vulnerabilities
What happens when you develop your apps on a Mac?