Guru JustAnswer Professional 1.25 Multiple SQL Injection Vulnerabilities



EKU-ID: 377 CVE: OSVDB-ID:
Author: v3n0m Published: 2011-06-01 Verified: Not Verified
Download:

Rating

☆☆☆☆☆
Home


-----------------------------------------------------------------------
Guru JustAnswer Professional 1.25 Multiple SQL Injection Vulnerabilities
-----------------------------------------------------------------------
Author      : v3n0m
Site        : http://yogyacarderlink.web.id/
Date        : May, 31-2011
Location    : Jakarta, Indonesia
Time Zone   : GMT +7:00
----------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : Guru JustAnswer Professional
Vendor      : http://www.guruscript.com/
Price       : $499 USD
Version     : 1.25 Other versions may also be affected
Google Dork : allinurl:forum_answer.php?que_id= "Powered By Guruscript.com"

"NEW" GURU JUSTANSWER PROFESSIONAL 1.25 is a new powerful, scalable
& fully-featured application that lets you create a online experts
consultation site.
----------------------------------------------------------------

SQLi p0c:
~~~~~~~

http://127.0.0.1/[path]/forum_answer.php?que_id=[SQLi]
http://127.0.0.1/[path]/profile.php?id=[SQLi]

----------------------------------------------------------------
                   ALL YOGYACARDERLINK CREW
---------------------------[EOF]--------------------------------