Bluemoon Inc. PopnupBlog XOOPS Module Index.PHP SQL Injection Vulnerability
BID:23286
Info
| Bugtraq ID: | 23286 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 03 2007 12:00AM |
| Updated: | Mar 03 2008 06:52PM |
| Credit: | ajann is credited with the discovery of this vulnerability. |
| Vulnerable: | Bluemoon inc. PopnupBLOG 2.52 |
| Not Vulnerable: | Bluemoon inc. PopnupBLOG 3.07 |
Discussion
Bluemoon Inc. PopnupBlog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This issue affects PopnupBlog 2.52; other versions may also be affected.
Exploit / POC
Attackers can use a browser to exploit this issue.
The following example exploit is available:
Solution / Fix
Solution:
The vendor released PopnupBlog 3.07 to address this issue. Please see the references for more information.
Bluemoon inc. PopnupBLOG 2.52
- Bluemoon inc. PopnupBlog 3.19: http://www.bluemooninc.biz/~xoops2/modules/mydownloads/visit.php?cid=3&lid=35
References
References:
- PopnupBlog Homepage (Bluemoon Inc.)
- XOOPS Homepage (XOOPS)