Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> CGI abuses >> myBloggie Multiple Vulnerabilities


Vulnerability Assessment Details

myBloggie Multiple Vulnerabilities

Vulnerability Assessment Summary
Searches for the existence of a myBloggie

Detailed Explanation for this Vulnerability Assessment

The remote host is running myBloggie, a web log system written in PHP.

The remote version of this software has been found contain multiple
vulnerabilities:

* Full Path Disclosure
Due to an improper sanitization of the post_id parameter, it's possible
to show the full path by sending a simple request.

* Cross-Site Scripting (XSS)
Input passed to 'year' parameter in viewmode.php is not properly sanitised
before being returned to users. This can be exploited execute arbitrary
HTML and script code in a user's browser session in context of a vulnerable
site.

* SQL Injection
When myBloggie get the value of the 'keyword' parameter and put it in the
SQL query, don't sanitise it. So a remote user can do SQL injection attacks.

Solution: Patches have been provided by the vendor and are available at:
http://mywebland.com/forums/viewtopic.php?t=180

Risk factor: High

Networks Security ID: 13192, 13507

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 Noam Rathaus

Cables, Connectors

Windows Multipoint linux Userful server Ethernet Zero Client Atrust m320
$100.0
Windows Multipoint linux Userful server Ethernet Zero Client Atrust m320 pictureOpenMediaVault NAS Network Attached Storage Server Raspberry Pi 3 micro SD card
$15.0
OpenMediaVault NAS Network Attached Storage Server Raspberry Pi 3 micro SD card pictureVA Linux 1221 1U Dual Pentium III 1GHz / 3GB SDRAM / 18GB SCSI Pfsense TESTED
$92.92
VA Linux 1221 1U Dual Pentium III 1GHz / 3GB SDRAM / 18GB SCSI Pfsense TESTED pictureSymantec Backup Exec Remote Agent (CAL) Linux or UNIX Servers Build 5629 CD
$4.99
Symantec Backup Exec Remote Agent (CAL) Linux or UNIX Servers Build 5629 CD picture


Discussions

No Discussions have been posted on this vulnerability.