CVE-2004-1570 - SQL Injection vulnerability in Eaden Mckee Bblog 0.7.2/0.7.3
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary
SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote attackers to execute arbitrary SQL commands via the p parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Nessus
NASL family: CGI abuses
NASL id: BBLOG_0_7_4.NASL
description: The remote host is running bBlog, an open source blog software application. According to its banner, the remote version of this software suffers from several vulnerabilities: - A SQL Injection Vulnerability It is reportedly possible to inject SQL statements through the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 18188
published: 2005-05-03
reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/18188
title: bBlog <= 0.7.4 Multiple Vulnerabilities (SQLi, XSS)
code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(18188);
  script_version("1.21");

  script_cve_id(
    "CVE-2004-1570",
    "CVE-2004-1865",
    "CVE-2005-1309",
    "CVE-2005-1310"
  );
  script_bugtraq_id(13397, 13398);

  script_name(english:"bBlog <= 0.7.4 Multiple Vulnerabilities (SQLi, XSS)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a PHP application that is affected by multiple vulnerabilities." );
  script_set_attribute(attribute:"description", value:
"The remote host is running bBlog, an open source blog software application.
According to its banner, the remote version of this software suffers from several vulnerabilities:
- A SQL Injection Vulnerability
  It is reportedly possible to inject SQL statements through the 'postid' parameter of the 'index.php' script.
- Multiple Cross-Site Scripting Vulnerabilities
  The application fails to properly sanitize user-supplied input through the blog entry title field and the comment body text." );
  # http://sourceforge.net/tracker/index.php?func=detail&aid=1188735&group_id=81992&atid=564683
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6f0a35ed" );
  script_set_attribute(attribute:"solution", value:
"Unknown at this time." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"plugin_publication_date", value: "2005/05/03");
  script_set_attribute(attribute:"vuln_publication_date", value: "2005/04/24");
  script_cvs_date("Date: 2018/06/13 18:56:26");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:eaden_mckee:bblog");
  script_end_attributes();

  summary["english"] = "Checks for multiple vulnerabilities in bBlog <= 0.7.4";
  script_summary(english:summary["english"]);

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");
  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");

  script_dependencies("http_version.nasl");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);
  script_require_keys("www/PHP");
  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);
if (!can_host_php(port:port)) exit(0);

# Search for bBlog.
foreach dir (cgi_dirs())
{
  # Grab the admin index.php -- by default it holds the version number.
  r = http_send_recv3(method:"GET", item:string(dir, "/bblog/index.php"), port:port);
  if (isnull(r)) exit(0);
  res = r[2];

  # If it's bBlog...
  if ("Welcome to bBlog" >< res || "<h1>bBlog</h1>" >< res)
  {
    if (egrep(string:res, pattern:"^bBlog \.([0-6].+|7\.[0-4])</a> © 200"))
    {
      security_hole(port);
      set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
      set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);
      exit(0);
    }
  }
}
```

NASL family: CGI abuses
NASL id: BBLOG_SQL_INJECT.NASL
description: The remote server runs a version of bBlog, a blogging system written in PHP and released under the GPL, which is as old as or older than version 0.7.4. The remote version of this software is affected by a SQL injection attack in the script
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 15466
published: 2004-10-13
reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/15466
title: bBlog rss.php p Parameter SQL Injection
code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(15466);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");

  script_cve_id("CVE-2004-1570");
  script_bugtraq_id(11303);

  script_name(english:"bBlog rss.php p Parameter SQL Injection");
  script_summary(english:"Check bBlog version");

  script_set_attribute(attribute:"synopsis", value:
"The remote web application is vulnerable to a SQL injection attack.");
  script_set_attribute(attribute:"description", value:
"The remote server runs a version of bBlog, a blogging system written in PHP and released under the GPL, which is as old as or older than version 0.7.4. The remote version of this software is affected by a SQL injection attack in the script 'rss.php'. This issue is due to a failure of the application to properly sanitize user-supplied input.
An attacker may use this flaw to execute arbitrary PHP code on this host or to take the control of the remote database.");
  script_set_attribute(attribute:"solution", value:"Upgrade to version 0.7.4 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:W/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/13");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/10/01");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:eaden_mckee:bblog");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2020 Tenable Network Security, Inc.");
  script_family(english:"CGI abuses");

  script_dependencie("http_version.nasl");
  script_require_ports("Services/www", 80);
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_keys("www/PHP");
  exit(0);
}

#
# The script code starts here
#

include("http_func.inc");
include("http_keepalive.inc");

port = get_http_port(default:80, embedded:TRUE);
if(!port) exit(0);
if(!get_port_state(port))exit(0);
if(!can_host_php(port:port))exit(0);

foreach dir (make_list(cgi_dirs(), "/bblog"))
{
  buf = http_get(item:string(dir,"/index.php"), port:port);
  r = http_keepalive_send_recv(port:port, data:buf, bodyonly:1);
  if( r == NULL )exit(0);
  if(egrep(pattern:"www\.bBlog\.com target=.*bBlog 0\.([0-6]\.|7\.[0-3][^0-9]).*© 2003 ", string:r))
  {
    security_hole(port);
    set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);
  }
}
```