WBBlog Index.PHP Multiple Input Validation Vulnerabilities

Bugtraq ID:	22998
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 16 2007 12:00AM
Updated:	Mar 16 2007 05:54PM
Credit:	xoron is credited with the discovery of these vulnerabilities.
Vulnerable:	LIQUA Web Solutions WBBlog 0
Not Vulnerable:

WBBlog Index.PHP Multiple Input Validation Vulnerabilities

WBBlog is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

WBBlog Index.PHP Multiple Input Validation Vulnerabilities

An attacker can exploit an SQL-injection vulnerability via a browser. To exploit a cross-site scripting vulnerability, the attacker must entice an unsuspecting victim to follow a malicious URI.

The following example URIs are available:

• /data/vulnerabilities/exploits/22998.html

WBBlog Index.PHP Multiple Input Validation Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

WBBlog Index.PHP Multiple Input Validation Vulnerabilities

References:

• Vendor Homepage (LIQUA Web Solutions)