KosmosBlog Multiple Input Validation Vulnerabilities
BID:40064
Info
| Bugtraq ID: | 40064 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 22 2010 12:00AM |
| Updated: | Jan 22 2010 12:00AM |
| Credit: | Milos Zivanovic |
| Vulnerable: | KosmosBlog KosmosBlog 0.9.3 |
| Not Vulnerable: | |
Discussion
KosmosBlog is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues, an HTML-injection issue, and a cross-site scripting issue.
Exploiting these issues can allow an attacker to run malicious HTML and script code in the context of the affected browser, steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Other attacks may also be possible.
KosmosBlog 0.9.3 is vulnerable; other versions may be affected.
Exploit / POC
An attacker can exploit these issues through a browser. To exploit a cross-site scripting vulnerability, the attacker must entice an unsuspecting user into visiting a malicious URI.
The following example URIs are available:
SQL injection:
http://kosmos/index.php?kategorija=[SQL_Injection]
http://kosmos/index.php?yearID=2010&monthID=2' [SQL_Injection]
http://kosmos/index.php?yearID=2010' [SQL_Injection]&monthID=2
http://kosmos/administration/deletecontent.php?action=blogpost&id=1' [SQL_Injection]
http://kosmos/administration/usermanager.php?action=obradi&id=1' [SQL_Injection]
Cross-site scripting:
http://kosmos/administration/addcomment.php?page=add&id="[XSS]
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
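With no vendor patch listed, one interim check is to flag requests in which the parameters named in the example URIs carry anything other than a plain integer. The following is an added example, not part of the original advisory or of KosmosBlog. It assumes the application sits at the web root as in the sample URIs, that each listed parameter is a numeric identifier, and that the web server writes combined-format access logs; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script path -> parameters the advisory lists as injectable. Assumptions: the
# app is at the web root and each parameter is a numeric ID (samples: 2010, 2, 1).
AFFECTED = {
    "/index.php": {"kategorija", "yearID", "monthID"},
    "/administration/deletecontent.php": {"id"},
    "/administration/usermanager.php": {"id"},
    "/administration/addcomment.php": {"id"},
}
NUMERIC = re.compile(r"[0-9]{1,10}")  # allow-list: short unsigned integer
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def check_target(target):
    """Return (path, param, value) for each affected parameter that is not a plain integer."""
    parts = urlsplit(target)
    params = AFFECTED.get(parts.path)
    if not params:
        return []
    findings = []
    # parse_qsl percent-decodes, so %27 and %22 are compared as ' and "
    for name, value in parse_qsl(parts.query):
        if name in params and not NUMERIC.fullmatch(value):
            findings.append((parts.path, name, value))
    return findings


def scan_log(lines):
    """Yield (line_number, path, param, value) for suspicious access-log requests."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            for finding in check_target(match.group(1)):
                yield (number, *finding)


# Constructed sample lines (combined log format); not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Jan/2010:10:00:01 +0000] "GET /index.php?yearID=2010&monthID=2 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [22/Jan/2010:10:00:07 +0000] "GET /index.php?yearID=2010&monthID=2%27 HTTP/1.1" 200 912',
    '192.0.2.10 - - [22/Jan/2010:10:01:30 +0000] "GET /administration/deletecontent.php?action=blogpost&id=1 HTTP/1.1" 302 0',
    '192.0.2.44 - - [22/Jan/2010:10:02:11 +0000] "GET /administration/addcomment.php?page=add&id=%22 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The same integer allow-list is what the application itself should enforce before a value reaches a query or the page output.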