Insanely Simple Blog SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1113320 漏洞类型 SQL注入
发布时间 2007-07-17 更新时间 2007-07-18
CVE编号 CVE-2007-3889 CNNVD-ID CNNVD-200707-359
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/30317
https://www.securityfocus.com/bid/81644
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200707-359
|漏洞详情
InsanelySimpleBlog0.5版本及其早期版本中存在多个SQL注入漏洞。远程攻击者可以借助对index.php的current_subsection参数和其它未明向量,执行任意SQL指令。
|漏洞EXP
source: http://www.securityfocus.com/bid/24934/info

Insanely Simple Blog is prone to multiple input-validation vulnerabilities, including cross-site scripting, HTML-injection, and SQL-injection issues, because the application fails to properly sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, steal cookie-based authentication credentials, compromise the application, obtain sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database.

Insanely Simple Blog 0.5 and prior versions are vulnerable. 

http://www.example.com/index.php?current_subsection=2 or 1=1/*
http://www.example.net/index.php?current_subsection=2%20union%20all%20select blah from content/*
|受影响的产品
Insanely Simple Blog Insanely Simple Blog 0.5
|参考资料

来源:BID
名称:24934
链接:http://www.securityfocus.com/bid/24934
来源:BUGTRAQ
名称:20080610[web-app]InsanelySimpleBlog0.5(index)RemoteSQLInjectionVulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/493224/100/0/threaded
来源:BUGTRAQ
名称:20070717Insanelysimpleblog-Multiplevulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/473868/100/0/threaded
来源:MILW0RM
名称:5774
链接:http://www.milw0rm.com/exploits/5774
来源:SECUNIA
名称:26105
链接:http://secunia.com/advisories/26105
来源:MISC
链接:http://chroot.org/exploits/chroot_uu_010
来源:XF
名称:isb-currentsubscription-sql-injection(35450)
链接:http://xforce.iss.net/xforce/xfdb/35450
来源:SREASON
名称:2904
链接:http://securityreason.com/securityalert/2904