{"edition": 1, "title": "bBlog index.php postid Variable SQL Injection", "bulletinFamily": "software", "published": "2005-04-24T04:50:00", "lastseen": "2017-04-28T13:20:11", "modified": "2005-04-24T04:50:00", "reporter": "security curmudgeon(jericho@attrition.org)", "viewCount": 1, "href": "https://vulners.com/osvdb/OSVDB:15756", "description": "## Vulnerability Description\nbBlog contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'postid' variable in the index.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.\n## Solution Description\nUpgrade to version 0.7.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nbBlog contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'postid' variable in the index.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.\n## Manual Testing Notes\nhttp://[victim]/[blogpath]/?postid=1%20or%201=1\n## References:\nVendor URL: http://www.bblog.com/\nVendor Specific News/Changelog Entry: http://www.bblog.com/wiki/index.php/Change_Log\nVendor Specific News/Changelog Entry: http://sourceforge.net/tracker/index.php?func=detail&aid=1188735&group_id=81992&atid=564683\nVendor Specific News/Changelog Entry: http://bblog.com/bugs/index.php?do=details&id=67\nSecurity Tracker: 1013811\n[Related OSVDB ID: 15755](https://vulners.com/osvdb/OSVDB:15755)\n[Related OSVDB ID: 15754](https://vulners.com/osvdb/OSVDB:15754)\n[CVE-2005-1310](https://vulners.com/cve/CVE-2005-1310)\n", "affectedSoftware": [{"name": "BBLog", "version": "0.7.4", "operator": "eq"}, {"name": "BBLog", "version": "0.7.5", "operator": "eq"}], "type": "osvdb", "references": [], "enchantments": {"score": {"value": 6.9, "vector": "NONE", "modified": "2017-04-28T13:20:11", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-1310"]}, {"type": "nessus", "idList": ["BBLOG_0_7_4.NASL"]}], "modified": "2017-04-28T13:20:11", "rev": 2}, "vulnersScore": 6.9}, "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "cvelist": ["CVE-2005-1310"], "id": "OSVDB:15756", "immutableFields": []}

{"cve": [{"lastseen": "2021-02-02T05:24:36", "description": "SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter.", "edition": 4, "cvss3": {}, "published": "2005-04-23T04:00:00", "title": "CVE-2005-1310", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1310"], "modified": "2008-09-05T20:48:00", "cpe": ["cpe:/a:eaden_mckee:bblog:0.7.4"], "id": "CVE-2005-1310", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1310", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:eaden_mckee:bblog:0.7.4:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-20T09:25:10", "description": "The remote host is running bBlog, an open source blog software\napplication. \n\nAccording to its banner, the remote version of this software suffers\nfrom several vulnerabilities:\n\n - A SQL Injection Vulnerability\n It is reportedly possible to inject SQL statements \n through the 'postid' parameter of the 'index.php' script.\n\n - Multiple Cross-Site Scripting Vulnerabilities\n The application fails to properly sanitize user-supplied\n input through the blog entry title field and the comment \n body text.", "edition": 25, "published": "2005-05-03T00:00:00", "title": "bBlog <= 0.7.4 Multiple Vulnerabilities (SQLi, XSS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-1865", "CVE-2005-1310", "CVE-2004-1570", "CVE-2005-1309"], "modified": "2005-05-03T00:00:00", "cpe": ["cpe:/a:eaden_mckee:bblog"], "id": "BBLOG_0_7_4.NASL", "href": "https://www.tenable.com/plugins/nessus/18188", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description) {\n script_id(18188);\n script_version(\"1.22\");\n\n script_cve_id(\n \"CVE-2004-1570\", \n \"CVE-2004-1865\", \n \"CVE-2005-1309\", \n \"CVE-2005-1310\"\n );\n script_bugtraq_id(13397, 13398);\n\n script_name(english:\"bBlog <= 0.7.4 Multiple Vulnerabilities (SQLi, XSS)\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a PHP application that is affected by\nmultiple vulnerabilities.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running bBlog, an open source blog software\napplication. \n\nAccording to its banner, the remote version of this software suffers\nfrom several vulnerabilities:\n\n - A SQL Injection Vulnerability\n It is reportedly possible to inject SQL statements \n through the 'postid' parameter of the 'index.php' script.\n\n - Multiple Cross-Site Scripting Vulnerabilities\n The application fails to properly sanitize user-supplied\n input through the blog entry title field and the comment \n body text.\" );\n # http://sourceforge.net/tracker/index.php?func=detail&aid=1188735&group_id=81992&atid=564683\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6f0a35ed\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Unknown at this time.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/05/03\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/04/24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:eaden_mckee:bblog\");\nscript_end_attributes();\n\n \n summary[\"english\"] = \"Checks for multiple vulnerabilities in bBlog <= 0.7.4\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80);\nif (!can_host_php(port:port)) exit(0);\n\n\n# Search for bBlog.\nforeach dir (cgi_dirs()) {\n # Grab the admin index.php -- by default it holds the version number.\n r = http_send_recv3(method:\"GET\", item:string(dir, \"/bblog/index.php\"), port:port);\n if (isnull(r)) exit(0);\n res = r[2];\n\n # If it's bBlog...\n if (\"Welcome to bBlog\" >< res || \"<h1>bBlog</h1>\" >< res) {\n if (egrep(string:res, pattern:\"^bBlog \\.([0-6].+|7\\.[0-4])</a> &copy; 200\")) {\n security_hole(port);\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}