admin
08-30-2005, 01:02 PM
simplePHPblog
http://www.simplephpblog.com
August 30th, 2005
http://secunia.com/advisories/16616/
Description:
Kenneth F. Belva has discovered a vulnerability in Simple PHP Blog, which can be exploited by malicious people to manipulate sensitive information.
Input passed to the "comment" parameter in "comment_delete_cgi.php" isn't properly verified, before it is used to delete comments. This can be exploited to delete arbitrary files.
This can further be exploited to change the administrator's username and password by deleting the "config/password.txt" password file and accessing the "install03_cgi.php" installation script.
The vulnerability has been confirmed in version 0.4.0. Other versions may also be affected.
Solution:
Edit the source code to ensure that input is properly verified.
Provided and/or discovered by:
Kenneth F. Belva
http://www.simplephpblog.com
August 30th, 2005
http://secunia.com/advisories/16616/
Description:
Kenneth F. Belva has discovered a vulnerability in Simple PHP Blog, which can be exploited by malicious people to manipulate sensitive information.
Input passed to the "comment" parameter in "comment_delete_cgi.php" isn't properly verified, before it is used to delete comments. This can be exploited to delete arbitrary files.
This can further be exploited to change the administrator's username and password by deleting the "config/password.txt" password file and accessing the "install03_cgi.php" installation script.
The vulnerability has been confirmed in version 0.4.0. Other versions may also be affected.
Solution:
Edit the source code to ensure that input is properly verified.
Provided and/or discovered by:
Kenneth F. Belva