Geeklog SEC_authenticate Function SQL Injection

high Nessus Plugin ID 36144

Synopsis

The remote web server contains a PHP script that is prone to a SQL injection attack.

Description

The version of Geeklog installed on the remote host fails to sanitize input to the 'username' argument of the 'SEC_authenticate' function in '/system/lib-security.php' before using it to construct database queries. Regardless of PHP's 'magic_quotes_gpc' setting, an unauthenticated attacker can exploit this issue to manipulate database queries to, for example, bypass authentication and gain access to dangerous functions, which in turn could allow for arbitrary code execution.

Solution

Configure Geeklog to disable Webservices.

See Also

https://www.geeklog.net/article.php/webservices-exploit

Plugin Details

Severity: High

ID: 36144

File Name: geeklog_username_sql_injection.nasl

Version: 1.15

Type: remote

Family: CGI abuses

Published: 4/13/2009

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:geeklog:geeklog

Required KB Items: www/geeklog

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Reference Information

BID: 34456