Exploitation Summary
EIP tracks 1 public exploit for CVE-2010-4917. PoCs published by Ptrace Security.
AI-analyzed exploit summary
This exploit targets a SQL injection vulnerability in A-Blog v2.0's search.php, leveraging unsanitized input in the 'words' GET parameter to extract administrator credentials via a UNION-based attack. The payload bypasses whitespace filtering by using URL-encoded comments and operators.
Description
SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows remote attackers to execute arbitrary SQL commands via the words parameter.