Link Bid Script links.php SQL Injection

2010-05-14T00:00:00
ID PACKETSTORM:89529
Type packetstorm
Reporter R3d-D3v!L
Modified 2010-05-14T00:00:00

Description

                                        
                                            `  
  
  
######################{In The Name Of Allah The Mercifull} ######################  
  
[~] Tybe: SQL Injection Vulnerabilities   
[~] Vendor: www.linkbidscript.com   
[+] Software: Link Bid Script   
[+] author: ((R3d-D3v!L))   
[~]   
[+] TEAM: ArAB!AN !NFORMAT!ON SeCuR!TY ---->((4.!.5))   
[~]   
[?] contact: X[at]hotmail.co.jp   
[-]   
[?] Date: 14.Jan.2010   
[?] T!ME: 05:15 am GMT   
[?] Home: © Offensive Security   
[?]   
  
======================================================================================   
# SQL Injection # links.php id   
======================================================================================   
[*] Err0r C0N50L3:   
http://127.0.0.1/links.php?id={EV!L EXPLO!T}   
  
[*] prove of concept  
  
  
when you put ' after id num you can see the page is changed   
  
  
  
and when you put {order+by+1} after id you can see the normal page  
  
  
the order is accepted so the script is infected.  
  
[~]-----------------------------{((MAGOUSH-87))}------------------------------------------------#   
#   
[~] Greetz tO: [dolly &MERNA &DEV!L_MODY &po!S!ON Sc0rp!0N &JASM!N &MARWA & mAG0ush-1987] #   
#   
[~]70 ALL ARAB!AN HACKER 3X3PT : LAM3RZ #   
#   
[~] spechial thanks : ((HITLER JEDDAH & S!R TOTT! & DR.DAShER)) #   
#   
[?]spechial SupP0RT : MY M!ND # © Offensive Security #   
#   
[?]4r48!4n.!nforma7!0N.53cur!7y ---> ((r3d D3v!L<--M2Z--->JUPA<---aNd--->Devil ro0t)) #   
#   
[~]spechial FR!ND: 0r45hy #   
#   
[~] !'M 4R48!4N 3XPL0!73R. #   
#   
[~]{[(D!R 4ll 0R D!E)]}; #   
#   
[~]---------------------------------------------------------------------------------------------  
  
_________________________________________________________________  
Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.  
https://signup.live.com/signup.aspx?id=60969  
  
  
`