Guru JustAnswer Professional 1.25 Multiple SQL Injection Vulnerabilities

Published : 2011.05.31
Credit : v3n0m
Risk : Medium
CWE : CWE-89
CVE : N/A
Local : No
Remote : Yes

-----------------------------------------------------------------------

Guru JustAnswer Professional 1.25 Multiple SQL Injection Vulnerabilities

-----------------------------------------------------------------------

Author : v3n0m

Site : http://yogyacarderlink.web.id/

Date : May, 31-2011

Location : Jakarta, Indonesia

Time Zone : GMT +7:00

----------------------------------------------------------------



Affected software description:

~~~~~~~~~~~~~~~~~~~~~~~~~~



Application : Guru JustAnswer Professional

Vendor : http://www.guruscript.com/

Price : $499 USD

Version : 1.25 (other versions may also be affected)

Google Dork : allinurl:forum_answer.php?que_id= "Powered By Guruscript.com"



"NEW" GURU JUSTANSWER PROFESSIONAL 1.25 is a new powerful, scalable

& fully-featured application that lets you create an online experts

consultation site.

----------------------------------------------------------------



SQLi p0c:

~~~~~~~



http://127.0.0.1/[path]/forum_answer.php?que_id=[SQLi]

http://127.0.0.1/[path]/profile.php?id=[SQLi]



----------------------------------------------------------------

ALL YOGYACARDERLINK CREW

---------------------------[EOF]--------------------------------
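Added example (not part of the original advisory, and not vendor code): a log check for the two parameters named in the PoC lines above, flagging requests where `que_id` on `forum_answer.php` or `id` on `profile.php` is anything other than a bare integer. It assumes both parameters are numeric record IDs in normal use and that the web server writes Common/Combined Log Format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoint -> parameter named in the advisory's PoC lines.
WATCHED = {"forum_answer.php": "que_id", "profile.php": "id"}
# Assumption: both parameters are plain numeric record IDs in normal use.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")
# Request line inside a Common/Combined Log Format entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_params(log_line):
    """Return [(script, param, decoded_value)] for watched parameters whose
    value is not a bare integer. An empty list means nothing to report."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    param = WATCHED.get(script)
    if param is None:
        return []
    hits = []
    # parse_qsl percent-decodes values and keeps repeated or blank parameters.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == param and not NUMERIC_ID.fullmatch(value):
            hits.append((script, param, value))
    return hits


def scan(lines):
    """Yield (client_ip, script, param, value) for every flagged request."""
    for line in lines:
        for script, param, value in suspicious_params(line):
            yield line.split(" ", 1)[0], script, param, value


# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [31/May/2011:10:00:01 +0700] "GET /qa/forum_answer.php?que_id=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [31/May/2011:10:00:07 +0700] "GET /qa/forum_answer.php?que_id=12%27 HTTP/1.1" 500 312',
    '192.0.2.44 - - [31/May/2011:10:00:09 +0700] "GET /qa/profile.php?id=7&id=7%27 HTTP/1.1" 200 4801',
    '192.0.2.10 - - [31/May/2011:10:00:12 +0700] "GET /qa/index.php?id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule, enforced in the application before the value reaches a query (together with parameterized queries), is the corresponding fix for CWE-89 on these two parameters.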



Copyright 2017, cxsecurity.com