by r0t,der4444,cembo,VietMafia

Tuesday, November 29, 2005

Orca Blog SQL inj. vuln.

Orca Blog SQL inj. vuln.
Vuln. dicovered by : r0t
Date: 29 nov. 2005
Vendor:http://www.greywyvern.com/orca#blog
affected version:1.3b and prior


Product Description:
The Orca Blog is a free and simple blogging system built from the Orca Forum code. Simple to install and style to fit your existing website, now there's no need to have a whole different section of your site for your blogging script. Create a blog that fits your website instead!

Vuln Description:
Input passed to the "msg" parameter isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

example:
/blog?msg=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.

1 Comments:

Anonymous GreyWyvern told...

Vendor patch 1.3c
http://www.greywyvern.com/orca#blog

11:24 PM

 

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew