Back to list
Insanely simple blog - Multiple vulnerabilities
Jul 17 2007 10:08AM
joseph giron13 gmail com
Insanely simple blog version 0.5 and below
ISB contains multple vulnerabilities including both XSS, and SQL injection.
As for the sql injection portion, several GET variables allow for the injection of SQL queries.
First of which is the current_subsection variable.
The following proof of concepts are provided
http://www.example.net/index.php?current_subsection=2 or 1=1/*
^^ dumps all table data.
lect blah from content/*
The following bits of code work on the blog.
<OL onmouseover="alert('lol')">I like it</OL>
The fix for now is to filter blog entries with either a regex or the htmlspecialchars() function. The sql injection can be prevented by making sure the variables are numeric.
[ reply ]
Copyright 2010, SecurityFocus