SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Forum/Board/Portal)  >   e-moBLOG Vendors:   e-moblog.be
e-moBLOG Input Validation Bugs Permit SQL Injection Attacks
SecurityTracker Alert ID:  1015524
SecurityTracker URL:  http://securitytracker.com/id/1015524
CVE Reference:   CVE-2006-0403   (Links to External Site)
Updated:  Jan 26 2006
Original Entry Date:  Jan 23 2006
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Exploit Included:  Yes  
Version(s): 1.3
Description:   Aliaksandr Hartsuyeu of eVuln reported a vulnerability in e-moBLOG. A remote user can inject SQL commands.

The software does not properly validate user-supplied input. If magic_quotes_gpc' is disabled, a remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

The 'monthy' parameter in 'index.php' is affected. The 'login' parameter in 'admin/index.php' is also affected.

A demonstration exploit URL is provided:

http://[target]/emoblog/index.php?monthy=2006017'%20union%20select%201,2,3,4,5,6,7,8,9,10/*#1

The original advisory is available at:

http://evuln.com/vulns/43/summary.html

Impact:   A remote user can execute SQL commands on the underlying database.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.e-moblog.be/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [eVuln] e-moBLOG SQL Injection Vulnerability

New eVuln Advisory:
e-moBLOG SQL Injection Vulnerability
http://evuln.com/vulns/43/summary.html

--------------------Summary----------------

Software: e-moBLOG
Sowtware's Web Site: http://www.e-motionalis.net/
Versions: 1.3
Critical Level: Moderate
Type: Cross-Site Scripting
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
eVuln ID: EV0043

-----------------Description---------------
Vulnerable script: index.php 
Variable $monthy isn't properly sanitized before being used in a SQL
query. This can be used to make any SQL query by injecting arbitrary SQL
code. 

Vulnerable script: admin/index.php 
Variable $login isn't properly sanitized before being used in a SQL
query. This can be used to make any SQL query by injecting arbitrary SQL
code. 

Condition: gpc_magic_quotes - off 




--------------Exploit----------------------
1. SQL Inection Example 

http://host/emoblog/index.php?monthy=2006017'%20union%20select%
201,2,3,4,5,6,7,8,9,10/*#1 

2. SQL Inection Example 

link: http://host/emoblog/admin/index.php 
username: aaa' union select 'bbb','[md5-hash of anypass]'/* 
password: [anypass]

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Original Advisory:
http://evuln.com/vulns/43/summary.html

Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC