sBlog SQL Injection and Path Disclosure Vulnerability

2006.05.05

Credit: admin subjectzero net

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2006-2189

CWE: CWE-89

CVSS Base Score: 10/10

Impact Subscore: 10/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Complete

Integrity impact: Complete

Availability impact: Complete

Summary:
Software: sBlog 0.7.2
Site: http://servous.se/
Description: sBlog is a simple and new PHP Blog.
Issue: Conducting a security benchmark on this open source software we have found that most of the versions of this software is prone to SQL Injection attack through which an attacker can trigger back sensitive information as well as gain administrative priviledges. The sql injection also discloses path information which may prove additional aid to the attacker.An unauthenticated attacker may execute arbitrary SQL statements on the web. This may compromise the database and expose sensitive information.
========================================
PROOF OF CONCEPT : http://www.subjectzero.net/research/sblog.htm
========================================

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

sBlog SQL Injection and Path Disclosure Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.