CVE-2009-1049
Published 2009-03-24
CVE-2009-1049: SQL injection vulnerability in articleCall.php in Bloginator 1A allows remote attackers to execute arbitrary SQL commands via the id parameter.
Priority P3 · 40 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.38% (68.6th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kamads | bloginator | — | — |
No detection rules found.
Exploit-DB
Bloginator 1a - Cookie Bypass / SQL Injection
exploitdb·2009-03-19
CVE-2009-1050 Bloginator 1a - Cookie Bypass / SQL Injection
---
##########################################################################
Author = FireShot , Jacopo Vuga.
Mail = fireshotautisticiorg
Software = Bloginator V1A
Download = http://kamads.com/kamads_ads/download.php?email=bloginator&ID=0
Greets to = Osirys, Myral, str0ke
###########################################################################
Vulnerability = Insecure Cookie Handling
###########################################################################
[CODE]
[URL] www.site.com/bloginator/articleCall.php
global $name,$password,$returnLink;
$p_name = strip_tags(substr($_POST['name'],0,32));
$p_password = strip_tags(substr($_POST['password'],0,32));
if(crypt($p_name , $name) == $name and crypt($p_password,$password) == $pass
Exploit-DB
Bloginator 1a - SQL Injection / Command Injection (via Cookie Bypass )
exploitdb·2009-03-19
CVE-2009-1049 Bloginator 1a - SQL Injection / Command Injection (via Cookie Bypass )
---
##########################################################################
Author = FireShot , Jacopo Vuga.
Thx to = Osirys for developing the Exploitation Code with me
Mail = fireshotautisticiorg / osirysautisticiorg
Vulnerability = SQL Command Injection (mq = off)
Software = Bloginator V1A
Download = http://kamads.com/kamads_ads/download.php?email=bloginator&ID=0
Greets to = Myral, str0ke
###########################################################################
[CODE]
[URL] www.site.com/bloginator/articleCall.php
global $name,$password,$returnLink;
$p_name = strip_tags(substr($_POST['name'],0,32));
$p_password = strip_tags(substr($_POST['password'],0,32));
if(crypt($p_name , $name) == $name and crypt($p_p
No writeups or analysis indexed.
http://osvdb.org/52839
http://secunia.com/advisories/34395
http://www.securityfocus.com/bid/34187
https://exchange.xforce.ibmcloud.com/vulnerabilities/49325
https://www.exploit-db.com/exploits/8243
https://www.exploit-db.com/exploits/8244