header-logo
Suggest Exploit
vendor:
Aperto Blog
by:
NoGe
7.5
CVSS
HIGH
Local File Inclusion and SQL Injection
94, 98
CWE
Product Name: Aperto Blog
Affected Version From: 2000.1.1
Affected Version To: 2000.1.1
Patch Exists: NO
Related CWE: N/A
CPE: a:apertoblog:apertoblog:0.1.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Aperto Blog 0.1.1 Local File Inclusion and SQL Injection Vulnerabilities

Aperto Blog version 0.1.1 is vulnerable to Local File Inclusion and SQL Injection. The vulnerable files are admin.php, index.php and categories.php. An attacker can exploit these vulnerabilities by sending malicious requests to the vulnerable files. For example, an attacker can send a malicious request to admin.php?action=[LFI] to exploit the Local File Inclusion vulnerability. Similarly, an attacker can send a malicious request to categories.php?id=[SQL] to exploit the SQL Injection vulnerability.

Mitigation:

The application should validate user input and filter out any malicious code. The application should also use parameterized queries to prevent SQL Injection attacks.
Source

Exploit-DB raw data:

 
===========================================================================================================
 
 
  [o] Aperto Blog 0.1.1 Local File Inclusion and SQL Injection Vulnerabilities
 
       Software : Aperto Blog version 0.1.1
       Vendor   : http://code.google.com/p/apertoblog/
       Download : http://code.google.com/p/apertoblog/downloads/list
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Blog     : http://evilc0de.blogspot.com
 
 
===========================================================================================================
 
 
  [o] Vulnerable file
 
       admin.php
 
        if(isset($_GET['action'])) {
        if($_GET['action']=="logout") {
        session_destroy();
        go('index.php');
        } else {
        if(file_exists($_GET['action'].".php")) {
        include($_GET['action'].".php");
        } else {
        echo "404";
 
       index.php
 
        if(!$_GET['get']) {
        $articles = mysql_query("SELECT * FROM articles ORDER BY id DESC LIMIT 10");
        while($row = mysql_fetch_array($articles)) {
        showarticle($row, $settings[5]);
        }
        } elseif(file_exists($_GET['get'].".php")) {
        include($_GET['get'].".php");
        } else {
        echo "404";
 
       categories.php
 
        if(isset($_GET['id'])) {
        $cid = $_GET['id'];
        //Load category info
        $getcat = mysql_query("SELECT * FROM categories WHERE id='$cid'");
 
 
 
  [o] Exploit
 
       [ Local File Inclusion ]
 
     http://localhost/[path]/admin.php?action=[LFI]
     http://localhost/[path]/index.php?get=[LFI]
 
       [ SQL Injection ]
 
     http://localhost/[path]/categories.php?id=[SQL]
 
 
===========================================================================================================
 
 
  [o] Greetz
 
       MainHack BrotherHood [ http://mainhack.com/ ]
       Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 loqsa
       H312Y yooogy mousekill }^-^{ kaka11 martfella
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke
 
       GANYANG MALINGSIAL!!! [ http://malingsial.serverisdown.org/ ]
 
         
===========================================================================================================

# milw0rm.com [2008-12-15]

Navigation

Suggest Exploit

Services By CQR