bBlog index.php postid Variable SQL Injection

2005-04-24T04:50:00
ID OSVDB:15756
Type osvdb
Reporter security curmudgeon(jericho@attrition.org)
Modified 2005-04-24T04:50:00

Description

Vulnerability Description

bBlog contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'postid' variable in the index.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

Solution Description

Upgrade to version 0.7.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

bBlog contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'postid' variable in the index.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

Manual Testing Notes

http://[victim]/[blogpath]/?postid=1%20or%201=1

References:

Vendor URL: http://www.bblog.com/ Vendor Specific News/Changelog Entry: http://www.bblog.com/wiki/index.php/Change_Log Vendor Specific News/Changelog Entry: http://sourceforge.net/tracker/index.php?func=detail&aid=1188735&group_id=81992&atid=564683 Vendor Specific News/Changelog Entry: http://bblog.com/bugs/index.php?do=details&id=67 Security Tracker: 1013811 Related OSVDB ID: 15755 Related OSVDB ID: 15754 CVE-2005-1310