Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3153

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-3153
Last Modified 05 Sep 2008 04:53:36
Published 05 Oct 2005 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3153

Summary

login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a different vulnerability than CVE-2005-2838. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a myBloggie vulnerability.

Vulnerable Systems

Application

  • Mywebland Mybloggie 2.1.3 Beta


References

OSVDB - 19935

SECTRACK - 1014995

MISC - http://rgod.altervista.org/mybloggie213b.html

CONFIRM - http://mywebland.com/forums/showtopic.php?t=399

BUGTRAQ - 20051001 MyBloggie 2.1.3beta null char + SQL Injection -> Login Bypass

SREASON - 42


Last Updated: 27 May 2016 10:40:49