0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
QuickBlog v0.8 CMS - Multiple Web Vulnerabilities
[Title:
======
QuickBlog v0.8 CMS - Multiple Web Vulnerabilities
Introduction:
=============
QuickBlog est un gestionnaire de weblog ecrit en PHP4 compatible PHP5 et MySQL compatible MySQLi multi utilisateur multi
langue multi theme Il est tres simple et tres lege Il utilise un editeur WYSIWYG TinyMCE avec possibilite d annexe
(Copy of the Vendor Homepage: http://www.comscripts.com/scripts/php.quickblog.2256.html )
Details:
========
1.1
Multiple remote SQL Injection vulnerabilities are detected in QuickBlog v0.8 CMS. The vulnerability
allows an attacker (remote) or local low privileged user account to inject/execute own sql commands on the
affected application dbms. Successful exploitation of the vulnerability results in dbms & application compromise.
The vulnerabilities are located on the application post requests of gestionpost & fct_affiche.inc.
Vulnerable Module(s):
[+] admin/gestionpost.php
[+] include/fct_affiche.inc.php
1.2
Multiple persistent input validation vulnerabilities are detected in QuickBlog v0.8 CMS. The bugs allow
remote attackers to implement/inject malicious script code on the application side (persistent). Successful
exploitation of the vulnerability can lead to session hijacking (manager/admin) or stable (persistent) context
manipulation. Exploitation requires low user inter action & privileged user account.
Vulnerable Module(s):
[+] recherche.php
[+] commentaire/form.php
[+] admin/samplemodifieddata.php
[+] admin/sampleposteddata.php
Solution:
=========
In file: admin/gestionpost.php
In lines 85 - 89:
if(isset($_GET[`page`]))
{
$page = $_GET[`page`];
$page = $page - 1;
}
edit:
if(isset($_GET[`page`]))
{
$page = (int)$_GET[`page`];
}
In file: include/fct_affiche.inc.php
In lines 56 - 59:
if(isset($_GET[`page`]))
{
$page = $_GET[`page`];
$page = $page - 1;
}
edit:
if(isset($_GET[`page`]))
{
$page = (int)$_GET[`page`];
}
In file: recherche.php
In lines 52 - 55:
if (isset($_POST[``search``]))
{
$mot = $_POST[``search``];
}
edit:
if (isset($_POST[``search``]))
{
$mot = htmlspecialchars(strip_tags($_POST[``search``]));
}
In file: commentaire/form.php
In lines 41:
$nom=$_POST[``nom``];
edit:
$nom= htmlspecialchars(strip_tags($_POST[``nom``]));
In file: admin/samplemodifieddata.php
In lines 47:
$titre = $_POST[``title``];
edit:
$titre = htmlspecialchars(strip_tags($_POST[``title``]));
In file: admin/sampleposteddata.php
In lines 38:
$titre = $_POST[``title``];
edit:
$titre = htmlspecialchars(strip_tags($_POST[``title``]));
# 0day.today [2024-11-14] #