SQL Injection Vulnerability in wpBlog

Summary

Vulnerability: SQL Injection Vulnerability in wpBlog
Discovered: 2006.04.04
Last Update: 2006.04.14 Exploitation code published
ID: EV0119
CVE: CVE-2006-1639
Risk Level: medium
Type: SQL Injection
Status: Unpatched. No reply from developer(s)
Vendor: n/a
Vulnerable Software: wpBlog (http://www.wireplastik.com/)
Version: 0.4
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL Injection found in wpBlog (http://www.wireplastik.com/) script.

Vulnerable script: index.php

Parameter postid is not properly sanitized before being used in SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

PoC/Exploit

SQL Injection Example:

http://[host]/wpBlog/index.php?postid=999'%20union%20select%201,2,3,4/*

Solution.

Solution for "SQL Injection Vulnerability in wpBlog" is not available. Check vendor's website for updates.

SQL Injection Vulnerability in wpBlog

Summary

Description

PoC/Exploit

Solution.

Company

Services

eVuln Labs

eVuln Tools