Guru JustAnswer Professional 1.25 Multiple SQL Injection Vulnerabilities

2011.05.31

Credit: v3n0m

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

-----------------------------------------------------------------------

Guru JustAnswer Professional 1.25 Multiple SQL Injection Vulnerabilities

-----------------------------------------------------------------------

Author  	: v3n0m

Site    	: http://yogyacarderlink.web.id/

Date		: May, 31-2011

Location	: Jakarta, Indonesia

Time Zone	: GMT +7:00

----------------------------------------------------------------

Affected software description:

~~~~~~~~~~~~~~~~~~~~~~~~~~

Application	: Guru JustAnswer Professional

Vendor  	: http://www.guruscript.com/

Price		: $499 USD

Version 	: 1.25 Other versions may also be affected

Google Dork	: allinurl:forum_answer.php?que_id= "Powered By Guruscript.com"

"NEW" GURU JUSTANSWER PROFESSIONAL 1.25 is a new powerful, scalable 

& fully-featured application that lets you create a online experts 

consultation site.

----------------------------------------------------------------

SQLi p0c:

~~~~~~~

http://127.0.0.1/[path]/forum_answer.php?que_id=[SQLi]

http://127.0.0.1/[path]/profile.php?id=[SQLi]

----------------------------------------------------------------

                   ALL YOGYACARDERLINK CREW

---------------------------[EOF]--------------------------------

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Guru JustAnswer Professional 1.25 Multiple SQL Injection Vulnerabilities

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.