PhpBridges Blog System SQL Injection Vulnerability

vendor:

Blog System

by:

3spi0n

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Blog System

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: BackTrack 5, Win7 Ultimate

2012

PhpBridges Blog System SQL Injection Vulnerability

A SQL injection vulnerability exists in the PhpBridges Blog System. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable parameter 'id' in the 'members.php' file. This can allow the attacker to gain access to the database and execute arbitrary code.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

# Exploit Title: PhpBridges Blog System SQL Injection Vulnerability
# Date: 18/01/2012 - 04.19
# Author: 3spi0n
# Software Website: https://launchpad.net/phpbridges
# Tested On: BackTrack 5 - Win7 Ultimate
# Platform: Php
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[$] Vulnerable File:

[~] members.php

[$] Demo Sites:

[~] server/members.php?id=2" [SQL Injection]
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

# Dar bi Koridor Benimki, Kendimi Aradigim.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

# Contact: Twitter.Com/RigidusCO - Facebook.Com/3spi0ne

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

- Mr.PaPaRoSSe And 3spi0n -

Bug Researcher Group - TURKEY

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>