Ublog Reload HTML Injection and SQL Injection Vulnerabilities
BID:22382
Info
| Bugtraq ID: | 22382 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-0798 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 18 2006 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | DoZ is credited with the discovery of these vulnerabilities. |
| Vulnerable: | Uapplication Ublog Reload 1.0.5 |
| Not Vulnerable: | |
Discussion
Ublog Reload is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, access or modify data, or exploit latent vulnerabilities in the underlying database implementation. Other attacks are also possible.
Version 1.0.5 is reported vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit these issues via a web client.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Uapplication Home Page (Uapplication)
- Ublog Reload Admin Panel Multiple HTML Injections (DoZ)