NASLDB: eggBlog _lib/user.php eb_login Function Cookie Handling SQL Injection
General
ID: 31720
Name: eggBlog _lib/user.php eb_login Function Cookie Handling SQL Injection
Summary: Tries to bypass the login check
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: CVSS2#E:F/RL:OF/RC:C
Port: 80
Family: CGI abuses
Type: Remote
Description
The remote host is running eggBlog, a free PHP and MySQL blog software
package.
The version of eggBlog installed on the remote host fails to sanitize
input to the ‘email’ and ‘password’ cookies before using it in the
‘eb_login’ function in ‘_lib/user.php’ to perform database queries.
Provided PHP’s ‘magic_quotes_gpc’ setting is disabled, an attacker may
be able to leverage this issue to manipulate database queries to
disclose sensitive information, bypass authentication, modify data, or
even attack the underlying database.
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: CVE-2008-1626
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: –
Plugin Release: 2008/04/01
Plugin
Version: 1.15
Filename: eggblog_cookie_sql_injection.nasl
Filesize: 3339 bytes
MD5 Hash: db2bb4ee711c11e8d1a11c7cf408fa10
Identification: –
Require Keys: www/PHP
Dependencies: "http_version.nasl"
Copyright: This script is Copyright© 2008-2011 Tenable Network Security, Inc.
- Latest Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack