Link Bid Script - 'links.php' SQL Injection



EKU-ID: 19763 CVE: OSVDB-ID:
Author: R3d-D3V!L Published: 2010-05-14 Verified: Not Verified
Download:

Rating

☆☆☆☆☆
Home 


######################{In The Name Of Allah The Mercifull} ######################

[~] Tybe: SQL Injection Vulnerabilities
[~] Vendor: www.linkbidscript.com
[+] Software: Link Bid Script
[+] author: ((R3d-D3v!L))
[~]
[+] TEAM: ArAB!AN !NFORMAT!ON SeCuR!TY ---->((4.!.5))
[~]
[?] contact: X[at]hotmail.co.jp
[-]
[?] Date: 14.Jan.2010
[?] T!ME: 05:15 am GMT
[?] Home: © Offensive Security
[?]

======================================================================================
# SQL Injection # links.php id
======================================================================================
[*] Err0r C0N50L3:
http://127.0.0.1/links.php?id={EV!L EXPLO!T}

[*] prove of concept


when you put ' after id num you can see the page is changed



and when you put {order+by+1} after id you can see the normal page


  the order is accepted so the script is infected.

[~]-----------------------------{((MAGOUSH-87))}------------------------------------------------#
#
[~] Greetz tO: [dolly &MERNA &DEV!L_MODY &po!S!ON Sc0rp!0N &JASM!N &MARWA & mAG0ush-1987] #
#
[~]70 ALL ARAB!AN HACKER 3X3PT : LAM3RZ #
#
[~] spechial thanks : ((HITLER JEDDAH & S!R TOTT! & DR.DAShER)) #
#
[?]spechial SupP0RT : MY M!ND # © Offensive Security #
#
[?]4r48!4n.!nforma7!0N.53cur!7y ---> ((r3d D3v!L<--M2Z--->JUPA<---aNd--->Devil ro0t)) #
#
[~]spechial FR!ND: 0r45hy #
#
[~] !'M 4R48!4N 3XPL0!73R. #
#
[~]{[(D!R 4ll 0R D!E)]}; #
#
[~]---------------------------------------------------------------------------------------------