MyBloggie Index.PHP Multiple SQL Injection Vulnerabilities
BID:24249
Info
| Bugtraq ID: | 24249 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-3003 |
| Remote: | Yes |
| Local: | No |
| Published: | May 31 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | [email protected] is credited with the discovery of these vulnerabilities. |
| Vulnerable: | myBloggie 2.1.6, myBloggie 2.1.5, myBloggie 2.1.4, myBloggie 2.1.3 Beta, myBloggie 2.1.3, myBloggie 2.1.2, myBloggie 2.1.1 |
| Not Vulnerable: | |
Discussion
myBloggie is prone to an SQL-injection vulnerability.
An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
This issue affects myBloggie 2.1.6 and earlier.
Exploit / POC
Attackers can use a browser to exploit this issue.
The following proof-of-concept URIs are available:
http://www.example.com/apppath/index.php?mode=viewuser&cat_id='
http://www.example.com/apppath/index.php?mode=viewuser&month_no=4&year="
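To find requests of this shape in web server logs, the following added example (not part of the advisory or of myBloggie) flags index.php requests whose cat_id, month_no or year value is not an integer. It assumes those three parameters are meant to be numeric and that the log uses the common/combined access log format; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the advisory's proof-of-concept URIs.
# Assumption: all three are meant to carry small non-negative integers.
NUMERIC_PARAMS = {"cat_id", "month_no", "year"}
INTEGER = re.compile(r"[0-9]{1,10}")
# Request line of a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_params(target):
    """Return (name, decoded value) pairs in index.php requests that are not integers."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/index.php"):
        return []
    # parse_qsl percent-decodes, so %27 and a literal quote look the same here.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    return [(k, v) for k, v in pairs
            if k in NUMERIC_PARAMS and v and not INTEGER.fullmatch(v)]


def scan(lines):
    """Yield (client address, findings) for each log line with a non-integer value."""
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        findings = suspicious_params(m.group(1))
        if findings:
            yield line.split(" ", 1)[0], findings


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [31/May/2007:10:00:01 +0000] "GET /apppath/index.php?mode=viewuser&cat_id=3 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [31/May/2007:10:00:07 +0000] "GET /apppath/index.php?mode=viewuser&cat_id=%27 HTTP/1.1" 200 812',
    '192.0.2.44 - - [31/May/2007:10:00:09 +0000] "GET /apppath/index.php?mode=viewuser&month_no=4&year=%22 HTTP/1.1" 200 790',
    '192.0.2.10 - - [31/May/2007:10:01:15 +0000] "GET /apppath/index.php?mode=viewuser&month_no=5&year=2007 HTTP/1.1" 200 4980',
]

if __name__ == "__main__":
    for client, findings in scan(SAMPLE_LOG):
        print(client, findings)
```

Only query-string parameters appear in access logs, so values sent in a POST body are not covered by this check.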
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].