Simplog Multiple SQL Injection Vulnerabilities

Bugtraq ID:	17652
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 22 2006 12:00AM
Updated:	Apr 24 2006 04:06PM
Credit:	Mustafa Can Bjorn IPEKCI <[email protected]> is credited with the discovery of these vulnerabilities.
Vulnerable:	Simplog Simplog 0.9.3 Simplog Simplog 0.9.2 Simplog Simplog 0.9 .2 Beta 2 Simplog Simplog 0.9 .1
Not Vulnerable:	Simplog Simplog 0.9.3 .1

Simplog Multiple SQL Injection Vulnerabilities

Simplog is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Version 0.9.3 is vulnerable to these issues; other versions may be affected as well.

Simplog Multiple SQL Injection Vulnerabilities

These issues can be exploited through a web client.

The following example URIs and exploit code is available:

• /data/vulnerabilities/exploits/17652.html
• /data/vulnerabilities/exploits/17652-exploit.pl

Simplog Multiple SQL Injection Vulnerabilities

Solution:
The vendor has addressed these and other issues in Simplog version 0.9.3.1.


Simplog Simplog 0.9 .2 Beta 2

• Simplog simplog-0.9.3.1.tar.gz
  http://prdownloads.sourceforge.net/simplog/simplog-0.9.3.1.tar.gz

Simplog Simplog 0.9 .1

• Simplog simplog-0.9.3.1.tar.gz
  http://prdownloads.sourceforge.net/simplog/simplog-0.9.3.1.tar.gz

Simplog Simplog 0.9.2

• Simplog simplog-0.9.3.1.tar.gz
  http://prdownloads.sourceforge.net/simplog/simplog-0.9.3.1.tar.gz

Simplog Simplog 0.9.3

• Simplog simplog-0.9.3.1.tar.gz
  http://prdownloads.sourceforge.net/simplog/simplog-0.9.3.1.tar.gz

Simplog Multiple SQL Injection Vulnerabilities

References:

• Simplog Home Page (Simplog)
  
• Advisory: Simplog <= 0.93 Multiple Remote Vulnerabilities. ("Mustafa Can Bjorn IPEKCI" )