[VIM] secunia disputes r0t's eggblog vuln?
security curmudgeon
jericho at attrition.org
Tue Dec 27 08:15:15 UTC 2005
http://secunia.com/advisories/18212/
search.php q variable XSS they list..
search.php q variable path disclosure..
I am assuming that r0t threw a ' to the application, got an SQL error and
assumed injection. Secunia presumably did further testing and saw the
error disclosed path, but did not allow injection.
---------- Forwarded message ----------
From: Support Service <krustevs at googlemail.com>
To: moderators at osvdb.org
Date: Fri, 23 Dec 2005 09:18:09 +0100
Subject: [OSVDB Mods] eggblog vuln.
eggblog vuln.
Vuln. discovered by : r0t
Date: 22 dec. 2005
orginal advisory:http://pridels.blogspot.com/2005/12/eggblog-vuln.html
vendor:www.epicdesigns.co.uk/projects/eggblog.php
affected version:eggblog v2.0 and prior
Product Description:
eggblog is a small, simple, secure and open source blogging package. Anyone
with a php and mysql enabled server can make use of our easy to install
package to create their own personal blog.
Vuln. Description:
1.
eggblog contains a flaw that allows a remote sql injection
attacks.Inputpassed to the "q" parameter in "/forum/search.php" isn't
properly sanitised
before being used in a SQL query. This can be exploited to manipulate SQL
queries by injecting arbitrary SQL code
2.
eggblog contains a flaw that allows a remote cross site scripting attack.
This flaw exists because input passed to parameters in "home/search.php" and
when performing a search isn't properly sanitised before being returned to
the user.
This could allow a user to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust relationship between the
browser and the server, leading to a loss of integrity.
Solution:
Edit the source code to ensure that input is properly sanitised.
More information about the VIM
mailing list