[VIM] Verified Bit 5 Blog 8.01 SQL injection
Steven M. Christey
coley at mitre.org
Wed Jan 18 19:45:55 EST 2006
Re: BUGTRAQ:20060115 [eVuln] Bit 5 Blog SQL Injection & Authentication Bypass Vulnerability
I was able to verify this via source inspection, *BUT* only for
version 8.0, as version 8.01 did not seem available for download from
http://bit5blog.sourceforge.net/download.html
In version 8.0, admin/processlogin.php has:
> $query = "SELECT * FROM " . SQLUSERS;
> $query .= " WHERE userid = '" . $_POST["username"] . "'";
> $query .= " AND password = '" . $_POST["password"] . "'";
> //echo $query . "<br>\n";
> $result = dbcaller($query);
and dbcaller in include/functions.php does:
> function dbcaller($arg)
> ...
> $result = mysql_query($arg);
> ...
- Steve
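
Added example, not part of the original message and not Bit 5 Blog code: the login lookup quoted above, rewritten with a bound parameter so that $_POST-style input never becomes SQL text. SQLUSERS, userid and password are the names quoted in the message; check_login(), the table value, the SQLite schema and the password_hash() storage format are assumptions made for illustration.

```php
<?php
// Added example, not Bit 5 Blog code. SQLUSERS, userid and password are the
// names quoted in the message; the table value, schema and data are constructed.
const SQLUSERS = 'users';

// Hypothetical helper: look the user up with a bound parameter, then verify
// the password in PHP against a password_hash() value (assumed storage format).
function check_login(PDO $db, string $username, string $password): bool
{
    // SQLUSERS is a compile-time constant, never request data, so it may be
    // concatenated; identifiers cannot be bound as parameters.
    $stmt = $db->prepare('SELECT password FROM ' . SQLUSERS . ' WHERE userid = :userid');
    $stmt->execute([':userid' => $username]);
    $hash = $stmt->fetchColumn();

    // fetchColumn() returns false when no row matched.
    if ($hash === false) {
        return false;
    }
    return password_verify($password, $hash);
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ' . SQLUSERS . ' (userid TEXT PRIMARY KEY, password TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO ' . SQLUSERS . ' (userid, password) VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed inputs: a valid login, a wrong password, and a value containing
// a quote character, which the driver binds as data rather than SQL text.
$cases = [
    ['admin', 'correct horse'],
    ['admin', 'wrong'],
    ["o'brien", "it's"],
];
foreach ($cases as [$user, $pass]) {
    printf("%-10s => %s\n", $user, check_login($db, $user, $pass) ? 'accepted' : 'rejected');
}
```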