Simplog comments.php pid Variable SQL Injection

2006-04-24T10:32:37
ID OSVDB:24879
Type osvdb
Reporter Mustafa Can Bjorn(nukedx@nukedx.com)
Modified 2006-04-24T10:32:37

Description

Vulnerability Description

Simplog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the comments.php script not properly sanitizing user-supplied input to the 'pid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Solution Description

Upgrade to version 0.9.3.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[target]/[simplogdir]/comments.php?blogid=1&pid=-1//UNION//SELECT//0,null,0,email,0,0,login,password,0,admin,0//from//blog_users//where/*/admin=1/
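
A defender-side check for this flaw, added here as an example (it is not part of the advisory or of Simplog): it scans web access log lines for comments.php requests whose pid is not a plain integer. The combined log format, the sample lines, and the assumption that legitimate pid values are plain non-negative integers are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside an Apache/nginx "combined" access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: legitimate pid values are plain non-negative integers.
VALID_PID_RE = re.compile(r"\d{1,10}", re.ASCII)


def suspicious_pid(target):
    """Return the offending pid value if the request hits comments.php
    with a pid that is not a plain integer, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/comments.php"):
        return None
    # parse_qs percent-decodes values; keep_blank_values so "pid=" is seen.
    params = parse_qs(parts.query, keep_blank_values=True)
    for value in params.get("pid", []):
        if not VALID_PID_RE.fullmatch(value):
            return value
    return None


def scan(lines):
    """Yield (client_ip, pid_value) for each suspicious log line."""
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        bad = suspicious_pid(m.group("target"))
        if bad is not None:
            yield line.split(" ", 1)[0], bad


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Apr/2006:10:01:02 +0000] "GET /simplog/comments.php?blogid=1&pid=57 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [24/Apr/2006:10:05:44 +0000] "GET /simplog/comments.php?blogid=1&pid=-1%20UNION%20SELECT%200 HTTP/1.1" 200 830 "-" "-"',
    '203.0.113.5 - - [24/Apr/2006:10:06:01 +0000] "GET /simplog/index.php?pid=abc HTTP/1.1" 200 900 "-" "-"',
    '198.51.100.7 - - [24/Apr/2006:10:06:30 +0000] "GET /simplog/comments.php?pid=12&pid=12%27 HTTP/1.1" 200 830 "-" "-"',
]

if __name__ == "__main__":
    for ip, pid in scan(SAMPLE_LOG):
        print(f"{ip} sent non-numeric pid: {pid!r}")
```

Hits in logs that predate the upgrade to 0.9.3.1 are candidates for incident review; the check only sees parameters carried in the URL, so pid values sent in a POST body need request-body logging.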

References:

Vendor URL: http://www.simplog.org/
Vendor Specific News/Changelog Entry: http://www.simplog.org/archive.php?blogid=1&pid=57
Security Tracker: 1015976
Secunia Advisory ID: 19764
Related OSVDB ID: 24877
Related OSVDB ID: 24878
Related OSVDB ID: 24880
Other Advisory URL: http://www.nukedx.com/?viewdoc=25
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0649.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0564.html
FrSIRT Advisory: ADV-2006-1493
CVE-2006-2029