Multiple SQL Injection Vulnerabilities in Maian Weblog

Summary

Vulnerability: Multiple SQL Injection Vulnerabilities in Maian Weblog
Discovered: 2006.03.16
Last Update: 2006.04.15 Solution added
ID: EV0101
CVE: CVE-2006-1334
Risk Level: medium
Type: SQL Injection
Status: Patched
Vendor: n/a
Vulnerable Software: Maian Weblog (http://www.maianscriptworld.co.uk/)
Version: 2.0
PoC/Exploit: Available
Solution: Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL injection vulnerabilities were found in the Maian Weblog (http://www.maianscriptworld.co.uk/) script.

Vulnerable scripts:
print.php
mail.php


The parameters entry and email are not properly sanitized before being used in SQL queries. An attacker can inject arbitrary SQL code through them and so make any SQL query.

Condition: magic_quotes_gpc = off

PoC/Exploit

SQL Injection Examples:

http://[host]/print.php?cmd=log&entry=999'%20union%20select%201,2,3,4,5,6/*

http://[host]/mail.php?cmd=remove&email=111' or 1/*
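
One way to look for these request shapes in web server access logs, as an added example that is not part of the original advisory. It assumes Common Log Format, that entry is a numeric post id and that email is a plain address; the log lines and client addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts and parameters named in the advisory.
WATCHED = {"print.php": "entry", "mail.php": "email"}

# Assumption: `entry` is a numeric post id and `email` is a plain address.
EXPECTED = {
    "entry": re.compile(r"\d{1,10}"),
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
}

# Request field of a Common Log Format line: "METHOD target PROTOCOL"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(target):
    """Return (script, param, value) for values that break the expected shape."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    param = WATCHED.get(script)
    if param is None:
        return []
    # parse_qs percent-decodes, so encoded quotes and spaces are seen in clear.
    values = parse_qs(parts.query, keep_blank_values=True).get(param, [])
    return [(script, param, v) for v in values if not EXPECTED[param].fullmatch(v)]


def scan(lines):
    """Yield (line_number, script, param, decoded_value) for flagged requests."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            for script, param, value in suspicious_params(match.group(1)):
                yield number, script, param, value


# Constructed sample log: two ordinary requests and the two request shapes above.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Mar/2006:10:00:01 +0000] "GET /print.php?cmd=log&entry=12 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [16/Mar/2006:10:00:07 +0000] "GET /print.php?cmd=log&entry=999\'%20union%20select%201,2,3,4,5,6/* HTTP/1.1" 200 733',
    '192.0.2.10 - - [16/Mar/2006:10:01:30 +0000] "GET /mail.php?cmd=remove&email=reader%40example.org HTTP/1.1" 200 410',
    '192.0.2.77 - - [16/Mar/2006:10:01:44 +0000] "GET /mail.php?cmd=remove&email=111\'%20or%201/* HTTP/1.1" 200 398',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The check is an allow-list on the expected value shape rather than a list of SQL keywords, so it also flags blank or otherwise malformed values for these two parameters.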

Solution

To fix this problem, install or upgrade to version 3.0.