Multiple Vulnerabilities in aoblogger

Summary

Vulnerability: Multiple Vulnerabilities in aoblogger
Discovered: 2006.01.16
Last Update: 0 n/a
ID: EV0037
CVE: CVE-2006-0310, CVE-2006-0311, CVE-2006-0312
Risk Level: medium
Type: Multiple Vulnerabilities
Status: Unpatched
Vendor: n/a
Vulnerable Software: aoblogger (http://mikeheltonisawesome.com/)
Version: 2.3
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

Multiple vulnerabilities were found in the aoblogger (http://mikeheltonisawesome.com/) script.

1. Arbitrary script code insertion is possible in the BBcode [url] tag.

The [url] tag isn't properly sanitized. This can be used to post arbitrary script code.


2. SQL Injection is possible.

Vulnerable script: login.php

The variable $username isn't properly sanitized before being used in a SQL query. This can be used to run any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc is off


3. Unauthorized "New Entry" creation is possible.

Vulnerable script: create.php

This script only checks that the variable $uza exists and does not check the username and password before adding a new entry to the database.

PoC/Exploit

1. BBcode Example:

[url]javascript:alert(123)[/url]


2. SQL Injection Example:

link: http://host/aoblogger/login.php
username: username'/*
password: any


3. New Entry creation

<form action="http://host/aoblogger/create.php" method="post">
<input name="uza" value=1>
<input name="title" value="anytitle">
<textarea name="message">anymessage</textarea>
</form>

Solution

Solution for "Multiple Vulnerabilities in aoblogger" is not available. Check vendor's website for updates.
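
With no vendor fix available, the following added example (not aoblogger's code and not part of the original advisory) sketches in PHP how each of the three issues described above can be closed. The function names, the users table and its columns, the hashed-password storage and the session key user_id are assumptions for illustration.

```php
<?php
// Added example, not aoblogger code. Table, column and session key names are assumed.

// Issue 1: link [url] targets only when the scheme is http/https; escape everything.
function render_url_tag(string $text): string {
    $escaped = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    return preg_replace_callback('#\[url\](.*?)\[/url\]#is', function ($m) {
        // $m[1] is already HTML-escaped; decode it only to inspect the scheme.
        $url = trim(html_entity_decode($m[1], ENT_QUOTES, 'UTF-8'));
        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true)) {
            return $m[1]; // stays inert, escaped text (javascript:, data:, ...)
        }
        $safe = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
        return '<a href="' . $safe . '" rel="nofollow noopener">' . $safe . '</a>';
    }, $escaped);
}

// Issue 2: $username is bound as data, so a quote or comment marker cannot
// change the query, whatever magic_quotes_gpc is set to.
function login(PDO $db, string $username, string $password): bool {
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Issue 3: authorization comes from server-side session state set at login,
// never from the mere presence of a request field such as uza.
function may_create_entry(array $session): bool {
    return isset($session['user_id']) && is_int($session['user_id']);
}

// Constructed demo data: in-memory SQLite stands in for the blog database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pass_hash TEXT)');
$db->prepare('INSERT INTO users (username, pass_hash) VALUES (?, ?)')
   ->execute(['admin', password_hash('s3cret', PASSWORD_DEFAULT)]);

var_dump(login($db, "admin'/*", 'any'));         // input shaped like the advisory's
var_dump(login($db, 'admin', 's3cret'));         // legitimate login
echo render_url_tag('[url]javascript:alert(123)[/url]'), "\n";
echo render_url_tag('[url]https://example.com/[/url]'), "\n";
var_dump(may_create_entry([]));                  // no session, whatever was POSTed
var_dump(may_create_entry(['user_id' => 1]));    // session established by login
```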