header-logo
Suggest Exploit
vendor:
Guru JustAnswer Professional
by:
v3n0m
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Guru JustAnswer Professional
Affected Version From: 1.25
Affected Version To: 1.25
Patch Exists: NO
Related CWE: N/A
CPE: a:guruscript:guru_justanswer_professional
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011

Guru JustAnswer Professional 1.25 Multiple SQL Injection Vulnerabilities

Guru JustAnswer Professional 1.25 is vulnerable to multiple SQL injection vulnerabilities. An attacker can exploit these vulnerabilities to gain access to sensitive information stored in the database, such as user credentials, or to execute arbitrary SQL commands.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.
Source

Exploit-DB raw data:

     )   )            )                     (   (         (   (    (       )     ) 
  ( /(( /( (       ( /(  (       (    (     )\ ))\ )      )\ ))\ ) )\ ) ( /(  ( /( 
  )\())\()))\ )    )\()) )\      )\   )\   (()/(()/(  (  (()/(()/((()/( )\()) )\())
 ((_)((_)\(()/(   ((_)((((_)(  (((_)(((_)(  /(_))(_)) )\  /(_))(_))/(_))(_)\|((_)\ 
__ ((_)((_)/(_))___ ((_)\ _ )\ )\___)\ _ )\(_))(_))_ ((_)(_))(_)) (_))  _((_)_ ((_)
\ \ / / _ (_)) __\ \ / (_)_\(_)(/ __(_)_\(_) _ \|   \| __| _ \ |  |_ _|| \| | |/ / 
 \ V / (_) || (_ |\ V / / _ \  | (__ / _ \ |   /| |) | _||   / |__ | | | .` | ' <  
  |_| \___/  \___| |_| /_/ \_\  \___/_/ \_\|_|_\|___/|___|_|_\____|___||_|\_|_|\_\
										.WEB.ID
-----------------------------------------------------------------------
Guru JustAnswer Professional 1.25 Multiple SQL Injection Vulnerabilities
-----------------------------------------------------------------------
Author  	: v3n0m
Site    	: http://yogyacarderlink.web.id/
Date		: May, 31-2011
Location	: Jakarta, Indonesia
Time Zone	: GMT +7:00
----------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~

Application	: Guru JustAnswer Professional
Vendor  	: http://www.guruscript.com/
Price		: $499 USD
Version 	: 1.25 Other versions may also be affected
Google Dork	: allinurl:forum_answer.php?que_id= "Powered By Guruscript.com"

"NEW" GURU JUSTANSWER PROFESSIONAL 1.25 is a new powerful, scalable 
& fully-featured application that lets you create a online experts 
consultation site.
----------------------------------------------------------------

SQLi p0c:
~~~~~~~

http://127.0.0.1/[path]/forum_answer.php?que_id=[SQLi]
http://127.0.0.1/[path]/profile.php?id=[SQLi]

----------------------------------------------------------------
                   ALL YOGYACARDERLINK CREW
---------------------------[EOF]--------------------------------

Navigation

Suggest Exploit

Services By CQR