DNNGo xBlog SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in DNNGo xBlog version 6.5.0. The issue arises in the Categorys parameter of the Resource_Service.aspx page. This vulnerability allows for blind SQL injection, where an attacker can manipulate SQL queries and infer database information based on the application's response.

Impact

Exploitation of this vulnerability allows for blind SQL injection, enabling attackers to manipulate SQL queries and extract data from the database. In this case, the vulnerability was exploited to retrieve email addresses from the 'users' table on the MSSQL server.

Reproduction

The vulnerability can be reproduced by sending HTTP GET requests to the Resource_Service.aspx page with crafted parameters that exploit the SQL injection flaw. This can be done using tools like Burp Suite Repeater. The injection can be verified by testing the Categorys parameter with SQL injection payloads, such as SQL keywords or arithmetic operations, to see if the application's response indicates a successful injection.
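A log-side check for the probing pattern described above, added here as an example and not part of the advisory or of DNNGo's own code: it assumes IIS-style W3C log fields (date, time, method, uri-stem, uri-query, client-ip, status), a placeholder module path, and that a legitimate Categorys value is a comma-separated list of integer IDs.

```python
import re
from urllib.parse import parse_qs

# Assumption (not stated in the advisory): a legitimate Categorys value is a
# comma-separated list of integer category IDs; anything else is suspicious.
BENIGN_VALUE = re.compile(r"^\d+(,\d+)*$")

# Indicators a blind-SQLi probe of an integer parameter tends to carry.
SUSPICIOUS = [
    ("sql-keyword", re.compile(r"\b(and|or|select|union|waitfor|case|convert)\b", re.I)),
    ("comparison", re.compile(r"[<>=]|\blike\b", re.I)),
    ("arithmetic", re.compile(r"\d\s*[-+*/]\s*\d")),
    ("quote-or-comment", re.compile(r"['\"]|--|/\*|;")),
]

# Constructed sample log (hypothetical IPs and path; the module directory is a placeholder).
SAMPLE_LOG = """\
2025-06-09 19:40:01 GET /placeholder-module-path/Resource_Service.aspx Categorys=12 198.51.100.7 200
2025-06-09 19:40:05 GET /placeholder-module-path/Resource_Service.aspx Categorys=12+AND+1%3D1 198.51.100.7 200
2025-06-09 19:40:09 GET /placeholder-module-path/Resource_Service.aspx Categorys=11%2B1 198.51.100.7 200
2025-06-09 19:40:12 GET /placeholder-module-path/Resource_Service.aspx Categorys=3,7,9 203.0.113.9 200
2025-06-09 19:41:00 GET /Default.aspx tabid=55 203.0.113.9 200
"""

def analyse_request(uri_stem: str, query: str):
    """Return [(decoded_value, indicators)] for Categorys values on Resource_Service.aspx
    that do not look like a plain ID list; [] for other pages or benign values."""
    if not uri_stem.lower().endswith("resource_service.aspx"):
        return []
    reasons = []
    # parse_qs already percent-decodes and turns '+' into spaces.
    for value in parse_qs(query, keep_blank_values=True).get("Categorys", []):
        if BENIGN_VALUE.match(value):
            continue
        hits = [name for name, rx in SUSPICIOUS if rx.search(value)]
        reasons.append((value, hits or ["unexpected-format"]))
    return reasons

def scan_log(text: str):
    """Scan W3C-style lines and return one finding per suspicious Categorys value."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[2] not in ("GET", "POST"):
            continue
        uri_stem, query, client_ip = fields[3], fields[4], fields[5]
        for value, hits in analyse_request(uri_stem, query):
            findings.append({"ip": client_ip, "value": value, "indicators": hits})
    return findings
```

Run `scan_log` over real access logs to surface the parameter values the advisory says reveal the injection; the benign-format assumption should be adjusted to whatever the installed module actually accepts.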

Remediation

DNNGo has developed a fix for this vulnerability, which is currently available in beta. Users of xBlog version 6.5.0 or earlier can download the beta release from the DNNGo website.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.