Lucene search
isb05-sql.txt
Insanely simple blog version 0.5 and below with XSS and SQL injection vulnerabilitie
Show more
`Insanely simple blog version 0.5 and below
http://sourceforge.net/projects/insanelysimple2
ISB contains multple vulnerabilities including both XSS, and SQL injection.
First off, the search action fails to strip user content for html allowing a user to input tags. Next, anonymous blog entries can contain javascript allowing script execution. How? Well, tags are stripped, and there is
As for the sql injection portion, several GET variables allow for the injection of SQL queries.
First of which is the current_subsection variable.
The following proof of concepts are provided
http://www.example.net/index.php?current_subsection=2 or 1=1/*
^^ dumps all table data.
http://www.example.net/index.php?current_subsection=2%20union%20all%20select blah from content/*
The following bits of code work on the blog.
<B onmousemver="javascript:alert('lol')">Pizza pie</B>
<OL onmouseover="alert('lol')">I like it</OL>
The fix for now is to filter blog entries with either a regex or the htmlspecialchars() function. The sql injection can be prevented by making sure the variables are numeric.
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo18 Jul 2007 00:00Current
7.4High risk
Vulners AI Score7.4