-----------------------------------------------------------------------

Guru JustAnswer Professional 1.25 Multiple SQL Injection Vulnerabilities

-----------------------------------------------------------------------

Author  	: v3n0m

Site    	: http://yogyacarderlink.web.id/

Date		: May, 31-2011

Location	: Jakarta, Indonesia

Time Zone	: GMT +7:00

----------------------------------------------------------------



Affected software description:

~~~~~~~~~~~~~~~~~~~~~~~~~~



Application	: Guru JustAnswer Professional

Vendor  	: http://www.guruscript.com/

Price		: $499 USD

Version 	: 1.25 Other versions may also be affected

Google Dork	: allinurl:forum_answer.php?que_id= "Powered By Guruscript.com"



"NEW" GURU JUSTANSWER PROFESSIONAL 1.25 is a new powerful, scalable 

& fully-featured application that lets you create a online experts 

consultation site.

----------------------------------------------------------------



SQLi p0c:

~~~~~~~



http://127.0.0.1/[path]/forum_answer.php?que_id=[SQLi]

http://127.0.0.1/[path]/profile.php?id=[SQLi]



----------------------------------------------------------------

                   ALL YOGYACARDERLINK CREW

---------------------------[EOF]--------------------------------