----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code
availability, or the release of an updated patch by the vendor is not
part of this mailing list? Learn more here:
http://secunia.com/advisories/business_solutions/

----------------------------------------------------------------------

TITLE:
Minimal Ablog Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA32886

VERIFY ADVISORY:
http://secunia.com/advisories/32886/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Manipulation of data, System access

WHERE:
From remote

SOFTWARE:
Minimal Ablog 0.x
http://secunia.com/advisories/product/20635/

DESCRIPTION:
NoGe has discovered some vulnerabilities in Minimal Ablog, which can be
exploited by malicious people to conduct SQL injection attacks, bypass
certain security restrictions, or compromise a vulnerable system.

1) Input passed to the "id" parameter in index.php is not properly
sanitised before being used in SQL queries. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.

2) Administrative scripts placed in the "admin/" directory can be
accessed without valid credentials. This can be exploited to e.g.
change the administrator's password or upload arbitrary files.

Successful exploitation of 2) allows execution of arbitrary script code
on certain configurations (e.g. if running an Apache server with
"mod_mime" enabled) by uploading files with multiple extensions.

The vulnerabilities are confirmed in version 0.4. Other versions may
also be affected.

SOLUTION:
Restrict access to the "admin/" directory (e.g. via ".htaccess").

Filter malicious characters and character sequences in a web proxy.
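The SOLUTION section stops at "restrict access via .htaccess". The two .htaccess fragments below are an added example, not text from the advisory or code from the Minimal Ablog project: the first implements that restriction for admin/, the second hardens the upload directory against the multiple-extension trick described under 2). Apache 2.4 syntax is used; the htpasswd path, the name "uploads/" for the upload directory and the presence of mod_php are assumptions.

```apache
# admin/.htaccess  (added example; /etc/apache2/ablog.htpasswd is an assumed path)
# Require HTTP Basic credentials for every script under admin/, independent of
# whatever authentication the application itself performs.
AuthType Basic
AuthName "Minimal Ablog administration"
AuthUserFile /etc/apache2/ablog.htpasswd
Require valid-user

# uploads/.htaccess  (added example; directory name and mod_php are assumptions)
# mod_mime examines every dot-separated segment of a filename, so "shell.php.jpg"
# can still reach the PHP handler.  Refuse to serve any file with a script
# extension anywhere in its name, and switch the PHP engine off for this tree.
<FilesMatch "\.(php[0-9]?|phtml|phar|cgi|pl|py)(\.|$)">
    Require all denied
</FilesMatch>
php_flag engine off
```

Both files only take effect if the enclosing <Directory> in httpd.conf grants AllowOverride AuthConfig (first file) and AllowOverride Limit and Options (second file); check with `apachectl -t` and a request for admin/index.php that should now answer 401. On Apache 2.2, which was current when this advisory was issued, replace "Require all denied" with "Order allow,deny" followed by "Deny from all", and drop php_flag if PHP runs over FastCGI rather than mod_php.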
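The advisory names the defects but not the application-level fixes. The following PHP is an added example, not Minimal Ablog's own code: it shows the vulnerable concatenation pattern for the "id" parameter next to a prepared-statement version, a session check to include at the top of every admin/ script, and a filename check that rejects multiple-extension uploads before they are stored. The table and column names, the session key "admin_authenticated" and the /login.php URL are assumptions, as is the in-memory SQLite database used to make the demonstration run stand-alone.

```php
<?php
declare(strict_types=1);
// Added hardening example for the issues in SA32886; not Minimal Ablog's code.
// posts/id/title, the session key and /login.php are assumed names.

// 1) index.php?id=... : concatenating the raw parameter lets "1 OR 1=1" (or a
//    UNION SELECT) rewrite the statement.  Kept here only to show the contrast.
function vulnerable_post_sql(string $rawId): string
{
    return "SELECT id, title FROM posts WHERE id = " . $rawId;
}

// Hardened: accept only a short decimal integer, then bind it as a typed parameter.
function fetch_post(PDO $db, string $rawId): ?array
{
    if (!preg_match('/^\d{1,10}$/', $rawId)) {
        return null;                        // "1 OR 1=1" never reaches the database
    }
    $stmt = $db->prepare('SELECT id, title FROM posts WHERE id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 2) admin/*.php : every administrative script must verify the session before
//    doing anything else.  A web-server ACL on admin/ is a separate, second layer.
function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['admin_authenticated'])) {
        header('Location: /login.php', true, 302);
        exit;
    }
}

// 3) Uploads: with mod_mime and PHP mapped by extension, "shell.php.jpg" is
//    still handed to the PHP handler because every segment after the first dot
//    is examined.  Reject a name if ANY segment is an executable extension, and
//    store the file under a server-generated name with one allow-listed extension.
const BLOCKED_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar',
                            'phps', 'cgi', 'pl', 'py', 'sh', 'htaccess'];
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'txt'];

function upload_name_is_safe(string $name): bool
{
    $segments = explode('.', strtolower(basename($name)));
    array_shift($segments);                 // drop the base name, keep extension segments
    if ($segments === []) {
        return false;                       // an extension is required
    }
    foreach ($segments as $ext) {
        if (in_array($ext, BLOCKED_EXTENSIONS, true)) {
            return false;
        }
    }
    return in_array(end($segments), ALLOWED_EXTENSIONS, true);
}

function stored_upload_name(string $name): ?string
{
    if (!upload_name_is_safe($name)) {
        return null;
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(8)) . '.' . $ext;   // no user-controlled text in the path
}

// Self-contained demonstration against a constructed in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO posts VALUES (1, 'hello'), (2, 'secret draft')");

$payload = '1 OR 1=1';
$rows = $db->query(vulnerable_post_sql($payload))->fetchAll(PDO::FETCH_ASSOC);
echo count($rows), " rows from the vulnerable query\n";   // 2: the injected OR matches every post
var_dump(fetch_post($db, $payload));                       // NULL: rejected before any SQL runs
echo fetch_post($db, '2')['title'], "\n";                  // secret draft

foreach (['photo.jpg', 'shell.php.jpg', 'shell.jpg.php', '.htaccess', 'notes'] as $n) {
    printf("%-15s %s\n", $n, upload_name_is_safe($n) ? 'accept' : 'reject');
}
// photo.jpg accept; every other name above is rejected.
```

The filename check deliberately looks at every segment rather than only the last one: a last-extension-only check passes "shell.php.jpg", which is exactly the case the advisory describes. Renaming on storage removes the problem even where the check is later loosened, because the stored path never contains attacker-chosen characters.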
PROVIDED AND/OR DISCOVERED BY:
NoGe

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/7306

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------