Blaze Apps SQL Injection and HTML Injection Vulnerabilities
BID:40212
Info
Blaze Apps SQL Injection and HTML Injection Vulnerabilities
| Bugtraq ID: | 40212 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 19 2010 12:00AM |
| Updated: | Jan 19 2010 12:00AM |
| Credit: | AmnPardaz Security Research & Penetration Testing Group |
| Vulnerable: |
Blaze Apps Blaze Appscc 1.2.1 .6493 Blaze Apps Blaze Appsc 1.2.5 .6495 Blaze Apps Blaze Apps 1.4 .051909 Blaze Apps Blaze Apps 1.1.1 .5412 Blaze Apps Blaze Apps 1.1 .4713 Blaze Apps Blaze Apps 1.0 .0 Blaze Apps Blaze Apps 1.3.0.081908 |
| Not Vulnerable: | |
Discussion
Blaze Apps SQL Injection and HTML Injection Vulnerabilities
Blaze Apps is prone to multiple SQL-injection vulnerabilities and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker may exploit the HTML-injection issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is displayed, and launch other attacks.
The attacker may exploit the SQL-injection issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Blaze Apps 1.4.0.051909 and prior are vulnerable.
Blaze Apps is prone to multiple SQL-injection vulnerabilities and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker may exploit the HTML-injection issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is displayed, and launch other attacks.
The attacker may exploit the SQL-injection issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Blaze Apps 1.4.0.051909 and prior are vulnerable.
Exploit / POC
Blaze Apps SQL Injection and HTML Injection Vulnerabilities
An attacker can exploit these issues through a browser.
The following examples are available:
An attacker can exploit these issues through a browser.
The following examples are available: