Ublog Reload blog_comment.asp y Variable SQL Injection

2005-06-19T06:55:44
ID OSVDB:17386
Type osvdb
Reporter Dedi Dwianto(the_day@echo.or.id)
Modified 2005-06-19T06:55:44

Description

Vulnerability Description

Ublog Reload contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'blog_comment.asp' script not properly sanitizing user-supplied input to the 'y' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Uapplication has released a patch to address this vulnerability.

Manual Testing Notes

http://[target]/UblogReload/blog_comment.asp?bi=71&m=6&y=[year][SQL Inject]&d=&s=category
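The manual-testing URL above gives the request shape a defender can watch for. As an added example (not part of the OSVDB record or of Uapplication's code), the Python below scans constructed W3C-extended-style IIS log lines and flags requests to blog_comment.asp whose 'y' value is present but is not a plain four-digit year; the log field layout (date, time, method, URI stem, URI query, status, client IP) and the sample lines are assumptions for this example.

```python
import re
from urllib.parse import parse_qs

# Constructed sample log lines in a W3C-extended-style layout
# (date time cs-method cs-uri-stem cs-uri-query sc-status c-ip); not real traffic.
SAMPLE_LOG = """\
2005-06-19 06:55:44 GET /UblogReload/blog_comment.asp bi=71&m=6&y=2005&d=&s=category 200 192.0.2.10
2005-06-19 06:56:02 GET /UblogReload/blog_comment.asp bi=71&m=6&y=2005%27&d=&s=category 500 192.0.2.20
2005-06-19 06:56:30 GET /UblogReload/blog_comment.asp bi=71&m=6&y=2005&d=1&s=category 200 192.0.2.10
2005-06-19 06:57:01 GET /UblogReload/index.asp - 200 192.0.2.30
2005-06-19 06:57:15 GET /UblogReload/blog_comment.asp bi=71&m=6&y=&d=&s=category 200 192.0.2.40
"""

# The 'y' parameter is a year, so anything other than four digits is anomalous.
YEAR_RE = re.compile(r"\d{4}")
# IIS paths are case-insensitive, so the stem is compared in lower case.
TARGET_STEM = "/ublogreload/blog_comment.asp"


def parse_w3c_line(line):
    """Split one log line into a dict; return None for lines that do not fit the layout."""
    parts = line.split()
    if len(parts) != 7:
        return None
    date, time, method, stem, query, status, client = parts
    return {
        "ts": f"{date} {time}",
        "method": method,
        "stem": stem,
        "query": "" if query == "-" else query,  # IIS writes '-' for an empty query
        "status": int(status),
        "client": client,
    }


def suspicious_year_params(log_text):
    """Return (timestamp, client, decoded y value, status) for non-year 'y' values sent to blog_comment.asp."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_w3c_line(line)
        if rec is None or rec["stem"].lower() != TARGET_STEM:
            continue
        # parse_qs percent-decodes the value, so %27 is inspected as a literal quote.
        for raw in parse_qs(rec["query"], keep_blank_values=True).get("y", []):
            # An empty 'y' (no year filter) is normal application behaviour and is not flagged.
            if raw and not YEAR_RE.fullmatch(raw):
                hits.append((rec["ts"], rec["client"], raw, rec["status"]))
    return hits


if __name__ == "__main__":
    for hit in suspicious_year_params(SAMPLE_LOG):
        print("suspicious y parameter:", hit)
```

Point the same function at a real log export to find who probed the parameter before the patch was applied; the 500 status on the flagged line is the secondary signal that the backend query actually failed.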

References:

Vendor URL: http://www.uapplication.com/
Vendor Specific Solution URL: http://www.uapplication.com/news_details.asp?id=8
Security Tracker: 1014245
Secunia Advisory ID: 15747
Related OSVDB ID: 17387
Related OSVDB ID: 17385
Other Advisory URL: http://echo.or.id/adv/adv18-theday-2005.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0153.html
CVE-2005-2009
Bugtraq ID: 13991