b2evolution INDEX.PHP SQL Injection Vulnerability
BID:12179
Info
b2evolution INDEX.PHP SQL Injection Vulnerability
| Bugtraq ID: | 12179 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 06 2005 12:00AM |
| Updated: | Jan 06 2005 12:00AM |
| Credit: | Discovery is credited to r0ut3r. |
| Vulnerable: |
b2evolution b2evolution 0.9 .0.11 b2evolution b2evolution 0.9 .0.10 b2evolution b2evolution 0.9 .0.09 b2evolution b2evolution 0.9 .0.08 b2evolution b2evolution 0.9 .0.05 b2evolution b2evolution 0.9 .0.03 b2evolution b2evolution 0.8.9 b2evolution b2evolution 0.8.7 b2evolution b2evolution 0.8.6 .2 b2evolution b2evolution 0.8.6 .1 b2evolution b2evolution 0.8.6 b2evolution b2evolution 0.8.2 .2 b2evolution b2evolution 0.8.2 |
| Not Vulnerable: | |
Discussion
b2evolution INDEX.PHP SQL Injection Vulnerability
A remote SQL injection vulnerability reportedly affects the 'index.php' script of b2evolution. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query.
An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information.
All versions of b2evolution are considered vulnerable to this issue.
A remote SQL injection vulnerability reportedly affects the 'index.php' script of b2evolution. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query.
An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information.
All versions of b2evolution are considered vulnerable to this issue.
Exploit / POC
b2evolution INDEX.PHP SQL Injection Vulnerability
An exploit is not required.
The following proof of concept URI's are available:
http://www.example.com/index.php?blog=1&title='&more=1&c=1&tb=1&pb=1
http://www.example.com/index.php?blog=1&title=%27&more=1&c=1&tb=1&pb=1
An exploit is not required.
The following proof of concept URI's are available:
http://www.example.com/index.php?blog=1&title='&more=1&c=1&tb=1&pb=1
http://www.example.com/index.php?blog=1&title=%27&more=1&c=1&tb=1&pb=1
Solution / Fix
b2evolution INDEX.PHP SQL Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.