Input-validation vulnerabilities in Blog System

vendor:

Blog System

by:

Unknown

N/A

CVSS

N/A

Multiple input-validation vulnerabilities

Unknown

CWE

Product Name: Blog System

Affected Version From: 1.5

Affected Version To: 1.5

Patch Exists: NO

Related CWE: Unknown

CPE: Unknown

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

Input-validation vulnerabilities in Blog System

The Blog System is prone to multiple input-validation vulnerabilities including local file-include, SQL-injection, and cross-site-scripting issues. These vulnerabilities can be exploited to steal authentication credentials, view local files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.

Mitigation:

Unknown

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/39406/info

Blog System is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include local file-include, SQL-injection, and cross-site-scripting issues.

Exploiting these issues can allow an attacker to steal cookie-based authentication credentials, view local files within the context of the webserver, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.

Blog System versions 1.5 and prior are affected. 

http://www.example.com/ADMIN/index.php?category=(home|comments|lists|habillage|info)&action=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/ADMIN/index.php?category=(home|comments|lists|habillage|info)&action=[LFI]%00