SecurityTracker.com
Category:   Application (Forum/Board/Portal)  >   PluggedOut Blog
Vendors:   PluggedOut
PluggedOut Blog Input Validation Bugs Permit SQL Injection and Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1015586
SecurityTracker URL:  http://securitytracker.com/id/1015586
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Feb 6 2006
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Exploit Included:  Yes  
Version(s): 1.9.9c
Description:   Hamid Ebadi reported a vulnerability in PluggedOut Blog. A remote user can inject SQL commands. A remote user can also conduct cross-site scripting attacks.

The 'exec.php' script does not properly validate user-supplied input in the 'entryid' parameter. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

A demonstration exploit URL is provided:

http://[target]/exec.php?action=comment_add&entryid=[SQL INJECTION]

The 'problem.php' script does not properly filter HTML code from user-supplied input in the 'data' field before displaying the input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the vulnerable software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A demonstration exploit URL is provided:

http://[target]/problem.php?id=1&data=<script>alert('Hamid Network Security Team --> http://hamid.ir');alert(document.cookie)</script>
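
An interim request check for the two parameters described above, as an added example that is not part of the advisory or of PluggedOut Blog's code. It assumes 'entryid' is meant to be a numeric identifier and that 'data' never needs to carry HTML; the sample request lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample request lines (method, request target); not from real logs.
SAMPLE_REQUESTS = [
    "GET /exec.php?action=comment_add&entryid=42",
    "GET /exec.php?action=comment_add&entryid=42%27",
    "GET /blog/problem.php?id=1&data=page+not+found",
    "GET /problem.php?id=1&data=%3Cscript%3Ealert(1)%3C/script%3E",
    "GET /index.php?entryid=abc",
]

DIGITS = re.compile(r"[0-9]{1,10}")   # assumption: entryid is a numeric row id
MARKUP = re.compile(r"[<>\"']")       # characters that can open a tag or attribute

def check_request(target):
    """Return a list of findings for one request target (path plus query)."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    # parse_qs percent-decodes once; keep blanks so "entryid=" is still seen.
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    if script == "exec.php":
        for value in params.get("entryid", []):
            if not DIGITS.fullmatch(value):
                findings.append(("sqli-entryid", value))
    elif script == "problem.php":
        for value in params.get("data", []):
            if MARKUP.search(value):
                findings.append(("xss-data", value))
    return findings

def triage(lines):
    """Map each flagged request line to its findings; clean lines are omitted."""
    flagged = {}
    for line in lines:
        _method, _, target = line.partition(" ")
        found = check_request(target)
        if found:
            flagged[line] = found
    return flagged

if __name__ == "__main__":
    for line, found in triage(SAMPLE_REQUESTS).items():
        print(line, "->", found)
```

Percent-decoding is applied once, so double-encoded values need a second decoding pass before the same checks.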

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the PluggedOut Blog software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A remote user can execute SQL commands on the underlying database.

Solution:   No solution was available at the time of this entry.
Vendor URL:  www.pluggedout.com/index.php?pk=dev_blog
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  PluggedOut Blog SQL injection and XSS

PluggedOut Blog SQL INJECTION and XSS

PluggedOut Blog is an open source script you can run
on your web server to give you an online multi-user
journal or diary. 
It can be used equally well for any kind of calendar
application. Rather than give you a thousand things you
don't really want ...
PluggedOut Blog   : http://www.pluggedout.com/

Credit:
The information has been provided by Hamid Ebadi
(Hamid Network Security Team):admin@hamid.ir 
The original article can be found at:
http://hamid.ir/security/

Vulnerable Systems:
PluggedOut Blog  Version : Version: 1.9.9c
(2006-01-13) 

example :
The following URL can be used to trigger an SQL
injection vulnerability in the exec.php:
http://[PluggedOut Blog]/exec.php?action=comment_add&entryid=[SQL INJECTION]

and XSS
http://[PluggedOut Blog]/problem.php?id=1&data=<script>alert('Hamid Network Security Team --> http://hamid.ir');alert(document.cookie)</script>





Copyright 2019, SecurityGlobal.net LLC