Babe Logger V2 Sql inj. vuln. Vuln. dicovered by : r0t Date: 28 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/babe-logger-v2-sql-inj-vuln.html Vendor:http://13scripts.com/ affected version: V2 and prior
Product Description: This script is geared towards babe blog type sites but can be used for any kind of link and/or image listing site imaginable. Whether it be a link dump site, tgp site, media site, etc, this script will do it, see the demos on the script below this one for more examples, you are not limited to these demos, they are just examples of what you can do with the script, and you can create your own setup. The script works on a template system and is 100% customizable. Only basic HTML knowledge is needed to change the look of the entire script, each demo was created in under 5 minutes. Takes about 30 seconds to fully install.
Vuln. description: Input passed to the "gal" parameter in "index.php" and "id" parameter in "comments.php" isn't properly sanitised before being used in a SQL query.This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
examples: /index.php?gal=[SQL] /comments.php?id=[SQL]
Solution: Edit the source code to ensure that input is properly sanitised.