[UNIX] b2Evolution 'title' SQL Injection

From: SecuriTeam (support_at_securiteam.com)
Date: 01/09/05

  • Next message: SecuriTeam: "[UNIX] Exim host_aton() Buffer Overflow Vulnerability"
    To: list@securiteam.com
    Date: 9 Jan 2005 10:25:49 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      b2Evolution 'title' SQL Injection
    ------------------------------------------------------------------------

    SUMMARY

     <http://b2evolution.net/> b2evolution is "probably the most comprehensive
    blog engine you can find".

    An SQL injection vulnerability has been found in b2evolution's 'title'
    parameter, allowing a remote attacker to cause the program to include
    arbitrary SQL statements inside its existing statement.

    DETAILS

    Exploit:
    The following URL will trigger the vulnerability:
    http://vulnerable/index.php?blog=1&title='&more=1&c=1&tb=1&pb=1

    Workaround:
    A workaround has been posted on the vendor's web site:
    <http://forums.b2evolution.net/viewtopic.php?t=2695>
    http://forums.b2evolution.net/viewtopic.php?t=2695.

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:shady.underground@gmail.com>
    r0ut3r.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.


  • Next message: SecuriTeam: "[UNIX] Exim host_aton() Buffer Overflow Vulnerability"

    Relevant Pages

    • [NT] Netegrity SiteMinder smpwservicescgi.exe Target Redirection
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Due to improper filtering of user provided data, a remote attacker can ... This allows an attacker to redirect the user to whatever site ...
      (Securiteam)
    • [NT] WebArchiveX Unsafe Methods Vulnerability
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... String userAgent, ... scripting' entry, but unfortunately has not changed the version number. ...
      (Securiteam)
    • [NEWS] IBM Net.Data Macro Name Cross-Site Scripting Vulnerability
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The vulnerability is caused due to an input validation error in the db2www ... The vendor recommends that the "DTW_DEFAULT_ERROR_MESSAGE" feature (or ...
      (Securiteam)
    • [NEWS] TRUSTe.org Cross Site Scripting and Phishing Opportunities
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... and guidance of many established companies and industry experts, TRUSTe ...
      (Securiteam)
    • [NT] Cross Site Scripting in Yet Another Forum.net
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Cross Site Scripting vulnerabilities were found in Yet Another Forum.net, ... This bulletin is sent to members of the SecuriTeam mailing list. ...
      (Securiteam)