Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:27366
HistoryNov 27, 2011 - 12:00 a.m.

Blogs manager <= 1.101 SQL Injection Vulnerability

2011-11-2700:00:00
vulners.com
82
JSON

Dear all,
I have found a SQL injection vulnerability in Blogs manager <= 1.101
It seems to be version 1.101 as you can see in the files section of sourceforge.
I reported the vulnerability to the vendor but no response as stated
in the advisory.
Best,
muuratsalo

– ADVISORY –

Blogs manager <= 1.101 SQL Injection Vulnerability

author…: muuratsalo (Revshell.com)
contact…: muuratsalo[at]gmail[dot]com
download…: http://sourceforge.net/projects/blogsmanager/

[0x01] Vulnerability overview:

Blogs manager <= 1.101 is affected by a SQL injection vulnerability.
Note - A registered account could be required to exploit the vulnerability.

[0x02] Disclosure timeline:

[16/11/2011] - SQL injection vulnerability discovered and reported to
the vendor.
[19/11/2011] - No response from the vendor, public disclosure.

[0x03] Proof of Concept:

http://localhost/blogs/_authors_list.php?a=search&amp;value=1&amp;SearchFor=muuratsalo&amp;SearchOption=Contains&amp;SearchField=[SQL
injection]
http://localhost/blogs/_blogs_list.php?a=search&amp;value=1&amp;SearchFor=muuratsalo&amp;SearchOption=Contains&amp;SearchField=[SQL
injection]
http://localhost/blogs/_category_list.php?a=search&amp;value=1&amp;SearchFor=muuratsalo&amp;SearchOption=Contains&amp;SearchField=[SQL
injection]
http://localhost/blogs/_comments_list.php?a=search&amp;value=1&amp;SearchFor=muuratsalo&amp;SearchOption=Contains&amp;SearchField=[SQL
injection]
http://localhost/blogs/_policy_list.php?a=search&amp;value=1&amp;SearchFor=muuratsalo&amp;SearchOption=Contains&amp;SearchField=[SQL
injection]
http://localhost/blogs/_rate_list.php?a=search&amp;value=1&amp;SearchFor=muuratsalo&amp;SearchOption=Contains&amp;SearchField=[SQL
injection]
http://localhost/blogs/categoriesblogs_list.php?a=search&amp;value=1&amp;SearchFor=muuratsalo&amp;SearchOption=Contains&amp;SearchField=[SQL
injection]
http://localhost/blogs/chosen_authors_list.php?a=search&amp;value=1&amp;SearchFor=muuratsalo&amp;SearchOption=Contains&amp;SearchField=[SQL
injection]
http://localhost/blogs/chosen_blogs_list.php?a=search&amp;value=1&amp;SearchFor=muuratsalo&amp;SearchOption=Contains&amp;SearchField=[SQL
injection]
http://localhost/blogs/chosen_comments_list.php?a=search&amp;value=1&amp;SearchFor=muuratsalo&amp;SearchOption=Contains&amp;SearchField=[SQL
injection]
http://localhost/blogs/help_list.php?a=search&amp;value=1&amp;SearchFor=muuratsalo&amp;SearchOption=Contains&amp;SearchField=[SQL
injection]

JSON