Link Bid Script suffers a remote SQL injection vulnerability in links.php.
40b0067b4a9fc88853e5631994823560d6c750513431c7d32b8814360e116ae1
######################{In The Name Of Allah The Mercifull} ######################
[~] Tybe: SQL Injection Vulnerabilities
[~] Vendor: www.linkbidscript.com
[+] Software: Link Bid Script
[+] author: ((R3d-D3v!L))
[~]
[+] TEAM: ArAB!AN !NFORMAT!ON SeCuR!TY ---->((4.!.5))
[~]
[?] contact: X[at]hotmail.co.jp
[-]
[?] Date: 14.Jan.2010
[?] T!ME: 05:15 am GMT
[?] Home: © Offensive Security
[?]
======================================================================================
# SQL Injection # links.php id
======================================================================================
[*] Err0r C0N50L3:
http://127.0.0.1/links.php?id={EV!L EXPLO!T}
[*] prove of concept
when you put ' after id num you can see the page is changed
and when you put {order+by+1} after id you can see the normal page
the order is accepted so the script is infected.
[~]-----------------------------{((MAGOUSH-87))}------------------------------------------------#
#
[~] Greetz tO: [dolly &MERNA &DEV!L_MODY &po!S!ON Sc0rp!0N &JASM!N &MARWA & mAG0ush-1987] #
#
[~]70 ALL ARAB!AN HACKER 3X3PT : LAM3RZ #
#
[~] spechial thanks : ((HITLER JEDDAH & S!R TOTT! & DR.DAShER)) #
#
[?]spechial SupP0RT : MY M!ND # © Offensive Security #
#
[?]4r48!4n.!nforma7!0N.53cur!7y ---> ((r3d D3v!L<--M2Z--->JUPA<---aNd--->Devil ro0t)) #
#
[~]spechial FR!ND: 0r45hy #
#
[~] !'M 4R48!4N 3XPL0!73R. #
#
[~]{[(D!R 4ll 0R D!E)]}; #
#
[~]---------------------------------------------------------------------------------------------
_________________________________________________________________
Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
https://signup.live.com/signup.aspx?id=60969
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed