MvBlog Multiple Input Validation Vulnerabilities
BID:17481
Info
| Bugtraq ID: | 17481 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 12 2006 12:00AM |
| Updated: | Apr 12 2006 11:07PM |
| Credit: | todsah is credited with the discovery of these vulnerabilities. |
| Vulnerable: | MyBlog MyBlog 1.5, MyBlog MyBlog 1.4, MyBlog MyBlog 1.3, MyBlog MyBlog 1.2, MyBlog MyBlog 1.1, MyBlog MyBlog 1.0 |
| Not Vulnerable: | MyBlog MyBlog 1.6 |
Discussion
MvBlog is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
The application is prone to HTML-injection and SQL-injection vulnerabilities. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. Arbitrary script code may also be executed in the browser of an unsuspecting user in the context of the affected site; this may help the attacker steal cookie-based authentication credentials and launch other attacks.
Exploit / POC
These issues can be exploited with a web client.
Solution / Fix
Solution:
The vendor has released version 1.6 to address this issue.
MyBlog MyBlog 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5:
- MyBlog MvBlog-1.6.tar.gz
  http://prdownloads.sourceforge.net/mvblog/MvBlog-1.6.tar.gz
References
- MyBlog Homepage (MyBlog)
- MyBlog XSS vulnerability (MyBlog)