Search...

Grayscale Blog jump.php Multiple Variable SQL Injection

2007-03-10T00:40:12

ID OSVDB:35092
Type osvdb
Reporter OSVDB
Modified 2007-03-10T00:40:12

Description

No description provided by the source

References:

Vendor URL: http://sourceforge.net/projects/gsblogger/ Related OSVDB ID: 35095 Related OSVDB ID: 35091 Related OSVDB ID: 35093 Related OSVDB ID: 35090 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0099.html FrSIRT Advisory: ADV-2007-0916 CVE-2007-1434 Bugtraq ID: 22911

JSON Vulners Source

Initial Source

{"bulletinFamily": "software", "viewCount": 0, "reporter": "OSVDB", "references": [], "description": "# No description provided by the source\n\n## References:\nVendor URL: http://sourceforge.net/projects/gsblogger/\n[Related OSVDB ID: 35095](https://vulners.com/osvdb/OSVDB:35095)\n[Related OSVDB ID: 35091](https://vulners.com/osvdb/OSVDB:35091)\n[Related OSVDB ID: 35093](https://vulners.com/osvdb/OSVDB:35093)\n[Related OSVDB ID: 35090](https://vulners.com/osvdb/OSVDB:35090)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0099.html\nFrSIRT Advisory: ADV-2007-0916\n[CVE-2007-1434](https://vulners.com/cve/CVE-2007-1434)\nBugtraq ID: 22911\n", "affectedSoftware": [], "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "5ced1d86ef6dbf50100ff41c46dbd33f"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "aef181615d026fe70882bddbdf0ed2f8"}, {"key": "href", "hash": "6c10d991a96ce502f38bbbda2eab1fe9"}, {"key": "modified", "hash": "a852daafda692e7aac89297d42b0c479"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "a852daafda692e7aac89297d42b0c479"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "ef6eba4c3e286ab9a679fab37ca479ef"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "href": "https://vulners.com/osvdb/OSVDB:35092", "modified": "2007-03-10T00:40:12", "objectVersion": "1.2", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-1434"]}, {"type": "osvdb", "idList": ["OSVDB:35091", "OSVDB:35093"]}, {"type": "exploitdb", "idList": ["EDB-ID:3447"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7370"]}], "modified": "2017-04-28T13:20:31"}, "vulnersScore": 7.5}, "id": "OSVDB:35092", "title": "Grayscale Blog jump.php Multiple Variable SQL Injection", "hash": "6bec39a49ff95dd6817de61409a1a257652a3ae21d33e7df176fceeb4b3e5fee", "edition": 1, "published": "2007-03-10T00:40:12", "type": "osvdb", "history": [], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2007-1434"], "lastseen": "2017-04-28T13:20:31"}

{"cve": [{"lastseen": "2018-10-18T15:06:08", "bulletinFamily": "NVD", "description": "SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) userdetail.php, id and (2) url parameter to (b) jump.php, and id variable to (c) detail.php.", "modified": "2018-10-16T12:38:30", "published": "2007-03-13T15:19:00", "id": "CVE-2007-1434", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1434", "title": "CVE-2007-1434", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:31", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://sourceforge.net/projects/gsblogger/\n[Related OSVDB ID: 35095](https://vulners.com/osvdb/OSVDB:35095)\n[Related OSVDB ID: 35093](https://vulners.com/osvdb/OSVDB:35093)\n[Related OSVDB ID: 35090](https://vulners.com/osvdb/OSVDB:35090)\n[Related OSVDB ID: 35092](https://vulners.com/osvdb/OSVDB:35092)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0099.html\nFrSIRT Advisory: ADV-2007-0916\n[CVE-2007-1434](https://vulners.com/cve/CVE-2007-1434)\nBugtraq ID: 22911\n", "modified": "2007-03-10T00:40:12", "published": "2007-03-10T00:40:12", "href": "https://vulners.com/osvdb/OSVDB:35091", "id": "OSVDB:35091", "title": "Grayscale Blog userdetail.php id Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:31", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://sourceforge.net/projects/gsblogger/\n[Related OSVDB ID: 35095](https://vulners.com/osvdb/OSVDB:35095)\n[Related OSVDB ID: 35091](https://vulners.com/osvdb/OSVDB:35091)\n[Related OSVDB ID: 35090](https://vulners.com/osvdb/OSVDB:35090)\n[Related OSVDB ID: 35092](https://vulners.com/osvdb/OSVDB:35092)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0099.html\nFrSIRT Advisory: ADV-2007-0916\n[CVE-2007-1434](https://vulners.com/cve/CVE-2007-1434)\nBugtraq ID: 22911\n", "modified": "2007-03-10T00:40:12", "published": "2007-03-10T00:40:12", "href": "https://vulners.com/osvdb/OSVDB:35093", "id": "OSVDB:35093", "title": "Grayscale Blog detail.php id Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T18:30:15", "bulletinFamily": "exploit", "description": "Grayscale Blog 0.8.0 (Security Bypass/SQL/XSS) Multiple Remote Vulns. CVE-2007-1432,CVE-2007-1433,CVE-2007-1434. Webapps exploit for php platform", "modified": "2007-03-09T00:00:00", "published": "2007-03-09T00:00:00", "id": "EDB-ID:3447", "href": "https://www.exploit-db.com/exploits/3447/", "type": "exploitdb", "title": "Grayscale Blog 0.8.0 Security Bypass/SQL/XSS Multiple Remote Vulns", "sourceData": "# Security Advisory - Multiple Vulnerabilities in Grayscale Blog 0.8.0 #\n\nDate : 2007-02-24\nProduct : Grayscale Blog\nVersion : 0.8.0 - Prior version maybe also be affected\nVendor : http://sourceforge.net/projects/gsblogger/ - http://www.karlcore.com/programming/blog/\n\nVendor Status : 2007-02-24 -> Not Informed!\n 2007-03-02 -> Contacted, waiting reply!\n 2007-03-09 -> Vendor never replyed\n\nSource : omnipresent - omni\nE-mail : omnipresent[at]email[dot]it\n\nGoogle Dork : \"Powered by Grayscale Blog\"\n\n\nSecurity Issues :\n\n1.) Security Query Bypass: [TESTED]\n\nA user can do lots of stuff with some php scripts located in the directory \"/scripts/\", for example:\n\nadd_user.php - Security Bypass\n\n// $user_id=$_REQUEST['user_id']; // not used\n$user_loginname=$_REQUEST['user_loginname'];\n$user_password=$_REQUEST['user_password'];\n$user_real_name=$_REQUEST['user_real_name'];\n$user_email=$_REQUEST['user_email'];\n// $user_date_added=$_REQUEST['user_date_added']; // not used\n// $user_lastmod=$_REQUEST['user_lastmod']; // not used\n$user_permissions=$_REQUEST['user_permissions'];\n$user_added_by=$_REQUEST['user_added_by'];\n$user_lastmod_by=$_REQUEST['user_lastmod_by'];\n$user_allow=$_REQUEST['user_allow'];\n\n// define the query\n$query = \"INSERT INTO blog_users (user_loginname, user_password, user_real_name, user_email, user_date_added, user_lastmod, user_permissions, user_added_by, user_lastmod_by, user_allow )\n values ('$user_loginname', '$user_password', '$user_real_name', '$user_email', NOW(), NOW(), '$user_permissions', '$user_added_by', '$user_lastmod_by', '$user_allow')\";\n\nAs you can see the code there are no security restriction for any users!! Everyone can add a user with Administrator Privilege ($user_permissions = 3).\n\nOther files affected by some security issues, like the above, are:\n\n-addblog.php\n-editblog.php\n-editlinks.php\n-edit_users.php\n-add_links.php\n\nExample:\n\nhttp://vulnerable_server/path/scripts/add_users.php?user_loginname=HACK_USER&user_password=HACK_USER&user_real_name=real&user_email=os@so.net&user_permissions=3&user_added_by=1&user_lastmod_by=1&user_allow=1\n\nAnd you have admin rights!\n\n2.) XSS Vulnerability: [TESTED]\n\nSecurity issue in the following files:\n\n-\"/scripts/addblog_comment.php\" -> variables are not properly sanitized before being used in the query string\n-\"detail.php\" -> variables are not properly sanitized before being used in the query string (query2 -> blog_comments)\n\nExample:\n\nYou can put in the comment fields the following script:\n\n<script>alert(\"XSS\")</script>\n\n\n3.) SQL Injection vulnerability: [NOT TESTED]\n\nIn lots of files variables are not properly sanitized before being used, these files are, for example:\n\n-userdetail.php -> id variable\n-jump.php -> id variable and url variable for our redirect\n-detail.php -> id variable\n\nExample:\n\nhttp://vulnerable_server/path/detail.php?id=1;[SQL INJECTION]\n\n.:. Patches:\n\n0x0 No vendor patches released!\n0x1 Edit the source code to ensure that input is properly verified.\n\n# milw0rm.com [2007-03-09]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/3447/"}], "securityvulns": [{"lastseen": "2018-08-31T11:09:24", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "modified": "2007-03-10T00:00:00", "published": "2007-03-10T00:00:00", "id": "SECURITYVULNS:VULN:7370", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7370", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}