Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> CGI abuses >> myBloggie Multiple Vulnerabilities


Vulnerability Assessment Details

myBloggie Multiple Vulnerabilities

Vulnerability Assessment Summary
Searches for the existence of a myBloggie

Detailed Explanation for this Vulnerability Assessment

The remote host is running myBloggie, a web log system written in PHP.

The remote version of this software has been found contain multiple
vulnerabilities:

* Full Path Disclosure
Due to an improper sanitization of the post_id parameter, it's possible
to show the full path by sending a simple request.

* Cross-Site Scripting (XSS)
Input passed to 'year' parameter in viewmode.php is not properly sanitised
before being returned to users. This can be exploited execute arbitrary
HTML and script code in a user's browser session in context of a vulnerable
site.

* SQL Injection
When myBloggie get the value of the 'keyword' parameter and put it in the
SQL query, don't sanitise it. So a remote user can do SQL injection attacks.

Solution: Patches have been provided by the vendor and are available at:
http://mywebland.com/forums/viewtopic.php?t=180

Risk factor: High

Networks Security ID: 13192, 13507

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 Noam Rathaus

Cables, Connectors

AMD Phenom II X4 925 2.8 GHz CPU Processor HDX925WFK4DGI 1800 MHz Socket AM3 6MB
$38.9
AMD Phenom II X4 925 2.8 GHz CPU Processor HDX925WFK4DGI 1800 MHz Socket AM3 6MB pictureGateway Nav50 LT2122U Netbook windows 7 intel atom N450 CPU 1.67 ghz 1gb 250gb
$35.0
Gateway Nav50 LT2122U Netbook windows 7 intel atom N450 CPU 1.67 ghz 1gb 250gb pictureCPU COOLING HEATSINK Hi-Grade M760S Clevo Notebook M765S 6-31-M74SN-201 F8 D
$16.52
CPU COOLING HEATSINK Hi-Grade M760S Clevo Notebook M765S 6-31-M74SN-201 F8 D pictureIntel Core i7-7700K Kaby Lake Quad-Core 4.2 GHz LGA 1151 91W Desktop Processor
$200.0
Intel Core i7-7700K Kaby Lake Quad-Core 4.2 GHz LGA 1151 91W Desktop Processor picture


Discussions

No Discussions have been posted on this vulnerability.