simple Blog Input Validation Flaw in 'id' Parameter Lets Remote Users Inject SQL Commands
|
SecurityTracker Alert ID: 1016793 |
SecurityTracker URL: http://securitytracker.com/id/1016793
|
CVE Reference:
CVE-2006-4592
(Links to External Site)
|
Updated: Jun 8 2008
|
Original Entry Date: Sep 5 2006
|
Impact:
Disclosure of system information, Disclosure of user information, User access via network
|
Exploit Included: Yes
|
Version(s): 2.3
|
Description:
A vulnerability was reported in simple Blog. A remote user can inject SQL commands.
The 'default.asp' script does not properly validate user-supplied input in the 'id' parameter. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.
A demonstration exploit URL is provided:
http://[target]/[path]/default.asp?view=plink&id=-1%20UNION%20SELECT%20ID,uFULLNAME,uUSERNAME,uPASSWORD,uEMAIL,uDATECREATED,null,null,null%20FROM%20T_USERS%20WHERE%20id>1
The vendor was notified on September 2, 2006.
Vipsta & MurderSkillz reported this vulnerability.
The original advisory is available at:
http://milw0rm.com/exploits/2296
|
Impact:
A remote user can execute SQL commands on the underlying database.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: 8pixel.net/ (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS: Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|