SQL Injection Vulnerability in wpBlog

Summary

Vulnerability
SQL Injection Vulnerability in wpBlog
Discovered
2006.04.04
Last Update
2006.04.14 Exploitation code published
ID
EV0119
CVE
CVE-2006-1639
Risk Level
medium
Type
SQL Injection
Status
Unpatched. No reply from developer(s)
Vendor
n/a
Vulnerable Software
wpBlog (http://www.wireplastik.com/)
Version
0.4
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL Injection found in wpBlog (http://www.wireplastik.com/) script.

Vulnerable script: index.php

Parameter postid is not properly sanitized before being used in SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

PoC/Exploit

SQL Injection Example:

http://[host]/wpBlog/index.php?postid=999'%20union%20select%201,2,3,4/*

Solution.

Solution for "SQL Injection Vulnerability in wpBlog" is not available. Check vendor's website for updates.

Order Source Code Audit

Check your site by source code analysis of your website made by our team.The work will be done by specialists in website security.

Advisories by vuln type

Website Monitoring

Daily malware scanning. Allows to receive alerts about security problems in your website.
Details >>

Malicious redirects detected?

eVuln team will eliminate the reason, clean your website and monitor it.
Details >>

Website blacklisted?

eVuln team will clean your website, discover and fix security holes, remove from blacklists.
Details >>