by r0t,der4444,cembo,VietMafia

Monday, December 05, 2005

PluggedOut Blog SQL vuln.

PluggedOut Blog SQL vuln.
Vuln. dicovered by : r0t
Date: 5 dec. 2005
vendor:www.pluggedout.com/index.php?pk=dev_blog
affected version:1.9.4 , 1.9.5 and prior

Product Description:
Blog is an open source script you can run on your web server to give you an online journal or diary. It can be used equally well for any kind of calendar application. Features - Multi User (with Roles : Admin, Author, Contributor) - Themes and Templates - Wonderful admin/authoring interface - Calendar with hilighted entries - RSS feed support built in - Smiley Faces - Great templating system - Comments on entries - Superb support forum - Built by a professional software developer - Based on PHP, MySQL

Vuln. Description:
Input passed to the "categoryid","entryid","year","month","day" parameter in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

examples:
/index.php?categoryid=[SQL]
/index.php?entryid=[SQL]
/index.php?month=1&year=[SQL]
/index.php?month=[SQL]
/index.php?year=2005&month=12&day=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew